I wanted to bring this post up based on a finding a few years back with a client. We had a fortigate as web-proxy and issuing a pac_file.
A client was movie their explicit proxy to a barracuda but wanted to keep the fortigate as the server for the proxy pac-file URL.
They deploy some pac file URL checker that was failing but yes the url was correct. What we found out was, the fortigate does NOT answer on a http_request_method HEAD.
It also does not provide a server header. So if your doing any PCI scan get a fail in that area, you really can't do anything about that.
example ( HEAD request always == 403 response )
No server header in response
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment