On Mon, Oct 30, 2017 at 4:32 PM, Jori Mäntysalo <jori.mantys...@uta.fi> wrote: > On Mon, 30 Oct 2017, Erik Bray wrote: > >>> OK, the common source of problems might be my university network. > > >> Hard to imagine--maybe the university network has a proxy that is >> stripping/corrupting some request and/or response headers? > > > Not at all that strange to me. Just three weeks ago we changed some routes, > and then about 10 percent of students could not anymore upload files bigger > than about 100 kilobytes to some of our servers. Somehow a "university > router" (big one) and "department router" (small one) did not like each > other. > > Still I do not know what exactly happened. Maybe some tcp fragmentation > thing, timings, or some other things.
Thanks to some request/response dumps Jeroen sent me, I think I can take a guess at the problem. His university has set up a forward proxy to cache static HTTP resources, and so while his /login request comes from his machine, or whatever NAT router it's behind, requests for static resources on the site come from the proxy, which is forwarding headers but is not at the same IP address. So the check_ip setting in the Trac config fails and invalidates his trac_auth cookie. I'm just going to disable the check_ip setting. It doesn't really offer any value security-wise, especially not for an internet-facing site. -- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
