locked
Strange Web Monitor Error Event RRS feed

  • Question

  • Hi,

    I'm seeing this error every now and again - with many tens of entries - in the Web Monitor events.

    The request from source IP address xxx.xx.xx.xxx, user to trunk xxxxxxx; Secure=0 failed due to an error with a predefined global rule. The error code is Must start with slash

    I can't find what this means. Any chance someone could explain so I know whether or not I have to do something to fix it?

    Thanks in advance 

    Wednesday, July 6, 2011 8:34 AM

Answers

  • Hi,

    I've never seen this in real life, but the error indicates that UAG received an HTTP request in which the requested URL did not start with a forward slash (for example, the request was GET some-url.extension HTTP/1.1, instead of GET /some-url.extension HTTP/1.1).

    Regards,


    -Ran
    • Marked as answer by Mahilu Tuesday, July 19, 2011 1:49 PM
    Wednesday, July 6, 2011 11:52 AM

All replies

  • Hi,

    I've never seen this in real life, but the error indicates that UAG received an HTTP request in which the requested URL did not start with a forward slash (for example, the request was GET some-url.extension HTTP/1.1, instead of GET /some-url.extension HTTP/1.1).

    Regards,


    -Ran
    • Marked as answer by Mahilu Tuesday, July 19, 2011 1:49 PM
    Wednesday, July 6, 2011 11:52 AM
  • Thanks a lot for the reply. I'd sort of thought that was what was happening but wasn't totally sure.

    Seems someone is spamming from IP 108.16.30.201 which is some Verizon pool of IP's.

     

    Is there anything I can do with the TMG to stop them being able to start a session? I think TMG is dealing with the connections but it's filling up the web monitor logs with this junk and the session stays on TMG until I kill it.

    TMG says when I filter on the source IP:

    Log type: Web Proxy (Reverse)
    Status: 0 The operation completed successfully.
    Source: 108.16.30.201
    Destination: -
    Request:
    Filter information: The request from source IP address 108.16.30.201, user to trunk portal; Secure=0 failed due to an error with a predefined global rule. The error code is Must start with slash.
    Additional information
    • Object source: (No source information is available.)
    • Cache info: 0x0
    • Processing time: 0 MIME type:

    • Marked as answer by Mahilu Tuesday, July 19, 2011 1:49 PM
    • Unmarked as answer by Mahilu Tuesday, July 19, 2011 1:49 PM
    Wednesday, July 6, 2011 1:32 PM