Passing SOAP application through PIX

alexserkin
Level 1

Recently we noticed that the HTTP POST request containing SOAP application is not passed through the PIX (7.1(2)) with default inspection rule.

The message is:

--------------------------------------------
Hypertext Transfer Protocol
POST /rcu/rc.asmx HTTP/1.1\r\n
Request Method: POST
Request URI: /rcu/rc.asmx
Request Version: HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.42)\r\n
Content-Type: text/xml; charset=utf-8\r\n
SOAPAction: "http://tempuri.org/SherpWS/Service1/Execute1"\r\n
Host: 10.0.52.43\r\n
Content-Length: 416\r\n
Expect: 100-continue\r\n
Connection: Keep-Alive\r\n
\r\n
eXtensible Markup Language
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <Execute1 xmlns="http://tempuri.org/SherpWS/Service1">
      <QueryCode>BS_Balance_Get</QueryCode>
      <Parameters>i_DN=9013155908,i_ExtParam=$SUBSYSTEM=WINSP</Parameters>
    </Execute1>
  </soap:Body>
</soap:Envelope>
-------------------------------------

And the error reported is:

%PIX-5-415008:1 HTTP RFC method illegal - 'POST' from 10.x.x.x to srv03

What is wrong with the request so that pix does not allow it through?


a.kiprawih
Level 7

Hi,

As per Cisco PIX 7.x error log definition, it indicates that an attempt has been made to use a forbidden RFC method. This violates the user-configured policy.

This message is issued when the "http-map request-method rfc" command is configured to filter the specified RFC method, which matched line#3 of your post:

Request Method: POST

The keyword 'POST' was the name of the RFC method that caused that alert.

Sometimes, this was due to the application coding/programming itself conflicting with PIX 7.x. The result will be either your application traffic being reset or dropped.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/syslog/logmsgs.htm#wp3047882

Rgds,

AK

The problem is that there weren't any http maps configured on the pix.

The config was:

...
policy-map global_policy
 class inspection_default
  ...
  inspect http
!

And the http request mentioned was silently dropped by pix.

Then I created an http map:

http-map httpmap
 strict-http action allow log
 port-misuse default action allow log
 request-method rfc default action allow log
 request-method ext default action allow log
 transfer-encoding type default action allow log

and referenced it in global_policy

The log message 415008 about the illegal method appeared.

If the method POST is referenced in rfc2616 why is it considered illegal?
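An added example, not part of the thread, showing the two checks a practitioner would run on the captured request before tuning the http-map: whether the method is one of the RFC 2616 methods, and whether the request head announces a body (Content-Length) that is not in the same segment because the client sent Expect: 100-continue and is waiting for a 100 response. The names inspect_request and SAMPLE_REQUEST are assumed; the sample is reconstructed from the capture quoted above, and the code does not claim to reproduce the PIX inspection engine's own logic.

```python
# Added example (not from the thread): parse the request head an HTTP
# inspection engine sees in one segment and report the facts relevant to
# the "HTTP RFC method illegal" message. With Expect: 100-continue the
# body follows in a later segment, so the constructed sample omits it.
import re

RFC2616_METHODS = {"OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT"}

SAMPLE_REQUEST = (  # constructed from the capture in the original post
    b"POST /rcu/rc.asmx HTTP/1.1\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.42)\r\n"
    b"Content-Type: text/xml; charset=utf-8\r\n"
    b'SOAPAction: "http://tempuri.org/SherpWS/Service1/Execute1"\r\n'
    b"Host: 10.0.52.43\r\n"
    b"Content-Length: 416\r\n"
    b"Expect: 100-continue\r\n"
    b"Connection: Keep-Alive\r\n"
    b"\r\n"
)

def inspect_request(raw: bytes) -> dict:
    """Return what can be decided about the request from this one segment."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    m = re.fullmatch(r"([A-Z]+) (\S+) HTTP/(\d\.\d)", lines[0])
    if not m:
        raise ValueError("malformed request line: %r" % lines[0])
    method, uri, version = m.groups()
    headers = {}
    for line in lines[1:]:  # header names are case-insensitive
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    declared = int(headers.get("content-length", "0"))
    return {
        "method": method,
        "uri": uri,
        "version": version,
        "rfc2616_method": method in RFC2616_METHODS,
        "content_length": declared,
        "expects_continue": headers.get("expect", "").lower() == "100-continue",
        "body_in_segment": len(body),
        "body_deferred": declared > 0 and len(body) == 0,
    }

if __name__ == "__main__":
    for key, value in inspect_request(SAMPLE_REQUEST).items():
        print(f"{key:>16}: {value}")
```

For the captured request the report shows POST is an RFC 2616 method, Content-Length is 416, and no body bytes are present in the segment, which is the state the inspection engine is in when it logs the method.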
