You might try registering a proc for POST that checks the content-length. If content-length is 0 or it doesn't match the size of the content itself, you could generate an error page that pointed the user off to the patch and that describes the issue. You could also give them the option to re-POST the content. You might even find a way to get the POST to be retried using redirects etc., but I'm not sure that's doable and it sounds rather messy. You could register the proc to run before your POST handling routine, or you could implement this capability within your POST-handling proc itself.
/s.
On Apr 13, 2004, at 9:44 AM, Ron Emerick wrote:
Thanks. I applied that update and based on preliminary testing seemed to resolve the problem.
The problem now is that I dealing with external users so I can't apply the patch to their system.
So I'm looking for ways to handle. I was wondering if there is an http status code so that the browser would resend the request. Or I could display an error page that suggest the user update their browser with 831167.
Any ideas on how to handle for external users would be welcome.
Thanks, Ron Emerick
On Tue, 13 Apr 2004 09:39:04 -0400, Scott Goodwin <[EMAIL PROTECTED]> wrote:
Here's the pertinent text from Microsoft:<[EMAIL PROTECTED]> with the
http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
Why am I getting errors when attempting to access certain SSL protected Web Sites?
After installing the Internet Explorer 6.0 SP1 version of this update, there may be intermittent failures of POST requests to SSL protected sites. This may cause some users to receive an HTTP 500 (Internal server error) while attempting to access certain Web Sites. Microsoft is aware of this issue and has released an update. Information on obtaining this update may be found in the Knowledge Base Article 831167. This update will be included in future Cumulative Security Updates for Internet Explorer.
The fix is here and must be applied to MSIE:
http://support.microsoft.com/default.aspx?kbid=831167
I wish MS had an automated regression test suite to run before they released updates and new versions -- it would probably cut down a lot of these kinds of problems, and reduce Windows TCO for those who use their stuff (which is all of us). Ah well.
/s.
On Apr 13, 2004, at 8:55 AM, Greg McGuire wrote:
I can certainly corroborate this; much of our customer service is done using SSL, and they use IE6 (mostly). In the past month I've gotten many complaints about this. Finding nothing amiss with AOLserver, I could only suggest that they switch to Mozilla. Is this an AOLserver / IE6 interaction, or are people seeing this using other web servers as well?
Regards, Greg
On Apr 12, 2004, at 4:00 PM, Ron Emerick wrote:
We are noticing that maybe 1 out of 20 HTTPS requests from our clients using MSIE 6.0 are failing. Further digging seems to suggest that the data that should be POSTed with the request isn't (i.e. content-length: 0).
It seems that this is related to a MSIE Explorer patch Q832894.
Thanks, Ron Emerick
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email tobody of "SIGNOFF AOLSERVER" in the email message. You can leave theSubject: field of your email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-- AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.