[users@httpd] Content-Length: 0 on SSL POSTs with IE

On Debian Stable:
Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e DAV/2 SVN/1.1.4

The front-end server is Internet facing and listens to port 80 and
443 SSL.  It proxies requests to a back-end Apache mod_perl server.

I have one user that when they post a form *in SSL* mode the post
fails due to lack of correctly posted data: The content-length header
is zero.

When they post to a form that is not SSL then it works fine.

This seems to be the case of:

    http://support.microsoft.com/default.aspx?kbid=831167

And discussed here:

    http://geekswithblogs.net/timh/archive/2006/01/26/67183.aspx


I can dump request headers on the mod_perl server and I can see the
request has a content-length of zero:

Here are the request headers on the back-end server:

    Cache-Control: no-cache
    Via: 1.1 foo
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, application/x-shockwave-flash, */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-us
    Host: 127.0.0.1:10443
    Max-Forwards: 10
    Referer: https://foo/workshop/register/billing
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
    Content-Length: 0
    Content-Type: application/x-www-form-urlencoded
    Cookie: session=2e4e14be71afa8ae92dea02cb9c4a4a3899999d3
    X-Forwarded-For: 64.166...
    X-Forwarded-Host: foo
    X-Forwarded-Server: foo

What I'm not clear on is that the Microsoft report says this is a result
of a change to IE that makes IE:

    ...retries POST requests when a Web server resets the connection.
    Programs that use Windows Internet (Wininet) application
    programming interface (API) functions to post data (such as a user
    name or a password) to a Web server retry the POST request without
    including the POST data if the Web server closes (or resets) the
    initial connection request.


Since my SSL server is on the front end I can't (or don't know how
to) see the actual request headers.  But the front access_log only
shows *one* POST so I don't see how it would be retrying the request.

That is, how do I know if the front-end server is resetting the
request?  Is this something at the tcp level (I could see with
ethereal) or something within the SSL http request that I couldn't
see with ethereal/wireshark?

Or is Microsoft making this up and just failing to submit the posted
data for some reason when in SSL mode?



-- 
Bill Moseley
moseley@xxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
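
An added example, not part of the original post: a Python script that reads back-end header dumps in the "Name: value" layout shown in the message and flags form-encoded requests that arrive with Content-Length: 0, so affected clients can be listed by User-Agent. The sample dump, its values and the function names are constructed for illustration.

```python
import re

# Constructed sample: two header dumps in the "Name: value" layout shown in
# the post, separated by a blank line. Values are made up for this example.
SAMPLE_DUMP = """\
    Host: 127.0.0.1:10443
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
    Content-Length: 0
    Content-Type: application/x-www-form-urlencoded
    X-Forwarded-Host: foo

    Host: 127.0.0.1:10443
    User-Agent: Mozilla/5.0 (X11; Linux i686) Firefox/1.5
    Content-Length: 87
    Content-Type: application/x-www-form-urlencoded
    X-Forwarded-Host: foo
"""

def parse_dumps(text):
    """Split a dump into requests; return one lower-cased header dict each."""
    requests = []
    for block in re.split(r"\n\s*\n", text.strip()):
        headers = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep:  # skip anything that is not a "Name: value" line
                headers[name.strip().lower()] = value.strip()
        if headers:
            requests.append(headers)
    return requests

def is_empty_form_post(headers):
    """True when a form-encoded request declares a zero-length body."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    length = headers.get("content-length", "")
    # A missing Content-Length is not flagged; only an explicit zero is.
    return (ctype == "application/x-www-form-urlencoded"
            and length.isdigit() and int(length) == 0)

def summarize(text):
    """Return (user_agent, forwarded_host) for every empty form post found."""
    return [(h.get("user-agent", "-"), h.get("x-forwarded-host", "-"))
            for h in parse_dumps(text) if is_empty_form_post(h)]

if __name__ == "__main__":
    for agent, host in summarize(SAMPLE_DUMP):
        print(f"empty form POST via {host}: {agent}")
```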
