To resolve the issue, do any of the following:
- Create a bypass rule between DSM and TMCM.
- On the Properties page of IPS Rule 1000128 HTTP Protocol Decoding, go to the Configuration tab and untick Use URI Normalization in body of HTTP POST.
To resolve the issue, do any of the following:
Deep Security9.0
When a computer is assigned with Intrusion Prevention Rule 1000128 "HTTP Protocol Decoding", the following known issues might be encountered:
The DPI Rule "HTTP Protocol Decoding" is triggered for the HTTP POST request below:
POST /webservice/Manager HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Host: 172.21.4.194:4119 Accept: */* Referrer: SOAPAction: "" Content-Length: 331 Content-Type: application/x-www-form-urlencoded <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:Manager"> <soapenv:Header/> <soapenv:Body> <urn:authenticate> <urn:username>masteradmin</urn:username> <urn:password>11111111</urn:password> </urn:authenticate> </soapenv:Body> </soapenv:Envelope>
Since "\x0A" (new line character) is included in the set of illegal characters, the rule is triggered at the end of pattern "urn:Manager".
To resolve the issue, do any of the following: