Cisco Support Community

Passing SOAP application through PIX

Recently we noticed that the HTTP POST request containing SOAP application is not passed through the PIX (7.1(2)) with default inspection rule.

The message is:

--------------------------------------------
Hypertext Transfer Protocol
    POST /rcu/rc.asmx HTTP/1.1\r\n
        Request Method: POST
        Request URI: /rcu/rc.asmx
        Request Version: HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.42)\r\n
    Content-Type: text/xml; charset=utf-8\r\n
    SOAPAction: "http://tempuri.org/SherpWS/Service1/Execute1"\r\n
    Host: 10.0.52.43\r\n
    Content-Length: 416\r\n
    Expect: 100-continue\r\n
    Connection: Keep-Alive\r\n
    \r\n
eXtensible Markup Language
    <?xml version="1.0" encoding="utf-8" ?>
    <soap:Envelope
        xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <soap:Body>
            <Execute1 xmlns="http://tempuri.org/SherpWS/Service1">
                <QueryCode>BS_Balance_Get</QueryCode>
                <Parameters>i_DN=9013155908,i_ExtParam=$SUBSYSTEM=WINSP</Parameters>
            </Execute1>
        </soap:Body>
    </soap:Envelope>
-------------------------------------

And the error reported is:

%PIX-5-415008:1 HTTP RFC method illegal - 'POST' from 10.x.x.x to srv03

What is wrong with the request so that pix does not allow it through?

2 REPLIES

Re: Passing SOAP application through PIX

Hi,

As per Cisco PIX 7.x error log definition, it indicates that an attempt has been made to use a forbidden RFC method. This violates the user-configured policy.

This message is issued when the "http-map request-method rfc" command is configured to filter the specified RFC method, which matched line#3 of your post:

Request Method: POST

The keyword 'POST' was the name of the RFC method that caused that alert.

Sometimes, this was due to the application coding/programming itself that conflicts with PIX 7.x. The result will be your application traffic either being reset or dropped.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/syslog/logmsgs.htm#wp3047882

Rgds,

AK


Re: Passing SOAP application through PIX

The problem is that there weren't any http maps configured on the pix.

The config was:

...
policy-map global_policy
 class inspection_default
  ...
  inspect http
!

And the HTTP request mentioned was silently dropped by the PIX.

Then I created an http map:

http-map httpmap
 strict-http action allow log
 port-misuse default action allow log
 request-method rfc default action allow log
 request-method ext default action allow log
 transfer-encoding type default action allow log

and referenced it in global_policy

The log message 4150008 appeared about illegal method.

If the method POST is referenced in rfc2616 why is it considered illegal?
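
An added example, not part of the original thread and not Cisco code: with the http-map actions set to "allow log" as above, the 415008 entries can be tallied per method and source/destination pair to see exactly which requests the request-method check is flagging. The regular expression is modeled on the single log line quoted in the question; the function names and every sample line except the first are constructed for illustration.

```python
import re
from collections import Counter

# Methods defined in RFC 2616 section 5.1.1.
RFC2616_METHODS = {"OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT"}

# Modeled on the one 415008 line quoted in the thread; the digits after the
# colon ("1" there) are captured without interpretation.
PIX_415008 = re.compile(
    r"%(?:PIX|ASA)-(?P<severity>\d)-415008:(?P<field>\d*)\s+"
    r"HTTP RFC method illegal - '(?P<method>[^']*)' "
    r"from (?P<src>\S+) to (?P<dst>\S+)"
)

# Constructed sample log: the first entry is the line from the thread, the rest
# are made up (192.0.2.0/24 is a documentation range, timestamps are invented).
SAMPLE_LOG = [
    "%PIX-5-415008:1 HTTP RFC method illegal - 'POST' from 10.x.x.x to srv03",
    "Jan 10 2007 09:14:02: %PIX-5-415008:1 HTTP RFC method illegal - 'POST' from 192.0.2.15 to srv03",
    "Jan 10 2007 09:14:05: %PIX-5-415008:1 HTTP RFC method illegal - 'POST' from 192.0.2.15 to srv03",
    "Jan 10 2007 09:15:40: %PIX-5-415008:1 HTTP RFC method illegal - 'DELETE' from 192.0.2.77 to srv03",
    "Jan 10 2007 09:16:00: %PIX-6-302013: Built inbound TCP connection (unrelated line)",
]

def parse_415008(line):
    """Return the fields of a 415008 entry as a dict, or None for any other line."""
    m = PIX_415008.search(line)
    return m.groupdict() if m else None

def summarize(lines):
    """Count 415008 events per (method, source, destination)."""
    counts = Counter()
    for line in lines:
        event = parse_415008(line)
        if event:
            counts[(event["method"], event["src"], event["dst"])] += 1
    return counts

def report(lines):
    """Rows of (count, method, method_is_in_rfc2616, src, dst), busiest first."""
    return [(n, method, method in RFC2616_METHODS, src, dst)
            for (method, src, dst), n in summarize(lines).most_common()]

if __name__ == "__main__":
    for count, method, in_rfc, src, dst in report(SAMPLE_LOG):
        print(f"{count:3d}  {method:<8} rfc2616={in_rfc}  {src} -> {dst}")
```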
