Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dat_tran_man
Participant
Jump to solution

How to configure http max header length R77.30

Hi Checkmates,

Using VSX mode, 2 checkpoint 12000 series, R77.30

I got this log when trying to access a website, and it deny access.

Anyone facing this problem already.

Please help me on this case,

Thank you guys,

Zed

1 Solution

Accepted Solutions
Vincent_Bacher
Advisor
Advisor

Sure (if Checkpoint allows)

How to increase / disable max_header_length

Solution IDsk44674
ProductIPS
VersionR70, R71, R75, NGX R65, R76, R77
OSSecurePlatform, Windows, Linux
Platform / ModelAll
Date Created28-Apr-2010
Last Modified18-Feb-2014
Show more details
Show less details
Symptoms
  • Drops in SmartView Tracker: 'exceeded max_header-length' for product Smart Defense / IPS even though the value was changed under Smart Defense / IPS.
Cause

It was not changed for all instances in Smart Defense / IPS. Each profile has its own setting. All the settings need to be changed.

    

Solution

On the Security Management via GuiDBedit.

1.Log out of all smart console applications.

2.Log in to GuiDBedit.

3.Search guidbedit for the following data string http_max_header_length.
Make sure the value is the value you want it set to on all profiles (detailed below). The default is 2100, max is 12288. (Left side shows current value – changeable, right side shows default value – not changeable).
Then click Ctrl+F and click find next. You should see this parameter for each of the following object names. For each of them, perform the change. They should, but might not appear in the following order:

AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra

TemplateAdvancedSecurityObject

RecommendedAdvancedSecurityObject

If Smart Defense / IPS is deactivate and the issue persists (traffic still being dropped), adjust the DeactivatedAdvancedSecurityObject to the desired length.

4.After performing the changes, save and exit.

5.Install policy.

6.If the drop is still present, consider increasing the value even further.

In case the solution fails completely, consider disabling http_max_header_length enforcement:

1.Log out of all smart console applications.

2.Log in to GuiDBedit.

3.Search guidbedit for the following data string http_enforce_max_header_length.

Change it's value from true to false on all profiles:

AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra

TemplateAdvancedSecurityObject

RecommendedAdvancedSecurityObject

4.After performing the changes, save and exit.

5.Perform cpstop and cpstart on the Security Management.

6.Install policy.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite

View solution in original post

6 Replies
Vincent_Bacher
Advisor
Advisor

Hi Zed,

just check sk44674, maybe it helps.
Cheers
Vincent

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
dat_tran_man
Participant

Hi Vincent, 

Thank for your reply. 

My UC account doesn't have advance access to see the Solution. Could you please capture the text for me.

Thank in advance,

Zed

0 Kudos
Vincent_Bacher
Advisor
Advisor

Sure (if Checkpoint allows)

How to increase / disable max_header_length

Solution IDsk44674
ProductIPS
VersionR70, R71, R75, NGX R65, R76, R77
OSSecurePlatform, Windows, Linux
Platform / ModelAll
Date Created28-Apr-2010
Last Modified18-Feb-2014
Show more details
Show less details
Symptoms
  • Drops in SmartView Tracker: 'exceeded max_header-length' for product Smart Defense / IPS even though the value was changed under Smart Defense / IPS.
Cause

It was not changed for all instances in Smart Defense / IPS. Each profile has its own setting. All the settings need to be changed.

    

Solution

On the Security Management via GuiDBedit.

1.Log out of all smart console applications.

2.Log in to GuiDBedit.

3.Search guidbedit for the following data string http_max_header_length.
Make sure the value is the value you want it set to on all profiles (detailed below). The default is 2100, max is 12288. (Left side shows current value – changeable, right side shows default value – not changeable).
Then click Ctrl+F and click find next. You should see this parameter for each of the following object names. For each of them, perform the change. They should, but might not appear in the following order:

AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra

TemplateAdvancedSecurityObject

RecommendedAdvancedSecurityObject

If Smart Defense / IPS is deactivate and the issue persists (traffic still being dropped), adjust the DeactivatedAdvancedSecurityObject to the desired length.

4.After performing the changes, save and exit.

5.Install policy.

6.If the drop is still present, consider increasing the value even further.

In case the solution fails completely, consider disabling http_max_header_length enforcement:

1.Log out of all smart console applications.

2.Log in to GuiDBedit.

3.Search guidbedit for the following data string http_enforce_max_header_length.

Change it's value from true to false on all profiles:

AdvancedSecurityObject
TemplateAdvancedSecurityObjectConnectra
DeactivatedAdvancedSecurityObject
AdvancedSecurityObjectConnectra

TemplateAdvancedSecurityObject

RecommendedAdvancedSecurityObject

4.After performing the changes, save and exit.

5.Perform cpstop and cpstart on the Security Management.

6.Install policy.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
dat_tran_man
Participant

Hi Vincent,

Very appreciate for your help. Already sloved.

Thank you,

Zed

0 Kudos
Vincent_Bacher
Advisor
Advisor

Hello Zed,

i am glad that I could help, you're welcome!

Cheers
Vincent

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
dat_tran_man
Participant

Hi Vincent,

Hope you're doing well, could you please help me capture solution of sk36161.

I'm requesting CP allow my account access to solution.

Thank you so much,

Zed

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events