Google Answers: HTTP redirect

View Question

Q: HTTP redirect ( No Answer, 2 Comments )

Question

Subject: HTTP redirect
Category: Computers > Internet
Asked by: turtle1234567890-ga
List Price: $125.00

Posted: 27 May 2004 12:51 PDT
Expires: 26 Jun 2004 12:51 PDT
Question ID: 352832

How can a network probe for Virus detection (that sees HTTP requests
but cannnot prevent them from being transmitted) cause a client
browser to be redirected to a virus cleanup URL if the original HTTP
request may be answered.

Request for Question Clarification by larre-ga on 27 May 2004 13:35 PDT
Are you asking "How a network firewall works?"

---l

Clarification of Question by turtle1234567890-ga on 27 May 2004 14:55 PDT

I am not asking how a firewall works, rather I would like to know if
it is possible to send an HTTP redirect from a netowrk device other
then a web server, when the orignal request still goes on to the
destination URL.

Let's say I have a virus which somehow a network IDS probe detected. I
don't know that I am infected but the IDS probes does and wants to
notify me to do a virus scan. It would like to notify me by
re-directing my next HTTP get (say www.google.com) to go to a virus
alert/scan web pageinstead. Sine the IDS probe could not prevent the
HTTP get from going to google.com, howcan it send a redirect and have
the client browser function properly if the google.com response also
comes back to the client.

Answer

There is no answer at this time.

Comments

Subject: Re: HTTP redirect
From: rio2-ga on 29 May 2004 19:01 PDT

This can be done using transparent proxy server which has the capabilities
of scanning http downloads request, or a gateway that intercept user
request and do a virus scan before forwarding the requested page to
the user.

Proxy server is a server that acts as an intermediary between a user's
computer and the computer they want to access. If a user makes a
request for a resource from computer "A," this request is directed to
the proxy server, which makes the request, gets the response from
computer "A," and then forwards the response to the client. The fact
that a proxy server intercept the connections, makes it possible for
you to do virus checking for the requested files before forwarding the
request to the user.

There are commercial software which include proxy server and antivirus engine
in a bundle :

http://www.trendmicro.com/en/products/gateway/isvw/evaluate/overview.htm
http://www.hbedv.com/en/products/antivir_proxyserver/index.html
http://www.pandasecurity.com/proxy.htm

Or you can use free open source software if you are on *nix platform: 
Squid(http://www.squid.org) with Viraltor(http://viralator.sourceforge.net/) + 
ClamAV (http://clamav.net/)

Subject: Re: HTTP redirect
From: mercurytx-ga on 09 Jun 2004 00:52 PDT

This is an interesting question. Here's my proposed solution:
Upon detection of virus related traffic from a PC, modify the PC's
proxy settings to route all web traffic to an application that will
return a "run virus scan" message to the client browser. The proxy
settings can be modified by changing the data value of this registry
key:

Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
Value Name: ProxyServer
Data Type: REG_SZ
Data: Server:Port

Server:port represent the address and port information to the
application that will return the "run virus scan" message.

One simple way to implement it is to use a web server as the
application that will serve the "run virus scan" message. Here's a
proof of concept:

1)Set up a web server to serve the "You need a virus scan" page. If
the IDS has one builtin, all the better, if not, you can easily set
one up on your network. There are numerous servers available for free,
such as Apache server (http://www.apache.org). You may also have IIS
available in your environment.

Let's say that you are running the web server locally on port 8080.
The url for your server would be http://localhost:8080.

2) Create your "You need a virus scan" page:
If you have IIS available, go to the default web folder (usually
c:\inetpub\wwwroot). Create a file called default.htm. Edit the file
to include the message that you would want the user to see ("Please
run a virus scan on PC"). Also, ensure that the IIS server is
configured to serve default.htm by default.

3)
When the IDS detects that a PC is infected, have your IDS modify the
following registry entry on that PC:
Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings]
Value Name: ProxyServer
Data Type: REG_SZ
Data: Server:Port

In this example, "Server:Port" would be localhost:8080

4) Subsequent HTTP requests to say http://www.yahoo.com will be
redirected to your virus scan message page.

A custom application is better than using a web server for handling
the redirected requests.

Feel free to let me know if you have any questions about setting up
the proof of concept. Also, which IDS application are you using?

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy