Re: POST without any content - sometimes
Okey. Then I will try to disable the perlscripts referer check and consider the problem solved... As I understood, the referer isn't a safe way to stop spammers and hackers anyways... Thanks everyone!! /Anders jon skrev: > On Sat, 2002-02-16 at 01:43, Anders Knuts wrote: > > I don't think it's the users browser since I got one POST with referer and one > > POST without with only three seconds between. The user runs vanilla Win XP > > with MS IE5.5. I think there is a Norton Personal firewall in between, maybe > > there's the problem? > > I don't know about Personal Firewall, but Norton Internet Security does > indeed strip off referer tags. We discovered this at work while > debugging a similar problem. This is part of the "Privacy Control" > component > > -jon > > -- > [EMAIL PROTECTED] || www.divisionbyzero.com > gpg key: www.divisionbyzero.com/pubkey.asc > think i have a virus? www.divisionbyzero.com/pgp.html > "You are in a twisty little maze of Sendmail rules, all confusing." > > >Name: signature.asc >signature.asc Type: application/pgp-signature
Re: POST without any content - sometimes
I don't think it's the users browser since I got one POST with referer and one POST without with only three seconds between. The user runs vanilla Win XP with MS IE5.5. I think there is a Norton Personal firewall in between, maybe there's the problem? Maybe the best thing to do is to make the script accept POSTs without referer and forget tho whole thing? On the other hand I'm a curious person :-) /Anders Tatsuhiko Miyagawa skrev: > On Sat, 16 Feb 2002 08:40:12 +0100 > Anders Knuts <[EMAIL PROTECTED]> wrote: > > > Yes of course it is "referer", my mistake thanx > > The _referer_ should be my own server, since it is from where the POST > > originate, but in this particular case, from this IP-adress, the referer > > disapears sometimes... > > Bug (or feature) of the Brwoser? > > Anyway, you can't rely on Referer: header for validation of the > data, as you can spoof it easily. > > -- > Tatsuhiko Miyagawa <[EMAIL PROTECTED]> -- Anders Knuts [EMAIL PROTECTED] -Varför använda en massa främmande ord när det finns en adekvat svensk vokabulär?-
Re: POST without any content - sometimes
Yes of course it is "referer", my mistake thanx The _referer_ should be my own server, since it is from where the POST originate, but in this particular case, from this IP-adress, the referer disapears sometimes... /Anders Tatsuhiko Miyagawa skrev: > On Tue, 12 Feb 2002 20:03:22 +0100 > Anders Knuts <[EMAIL PROTECTED]> wrote: > > > xxx.xxx.25.50 - - [10/Feb/2002:21:15:33 +0100] "POST > > /cgi-bin/mboard/message.pl HTTP/1.1" > > 200 88 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)" > > > > xxx.xxx.25.50 - - [10/Feb/2002:21:15:36 +0100] "POST > > /cgi-bin/mboard/message.pl HTTP/1.1" > > 200 1683 "http://www.servern.nu/main.html"; "Mozilla/4.0 (compatible; > > MSIE 5.5; Windows NT 5.0)" > > > > The first POST is erronuos as there is no content ("-") and the script > > won't accept it as vaild. > > If this log's LogFormat is "combined", the field you point means HTTP > Referer, not the content of the POST request. > > > The scond POST is okay as it has content > > ("http://www.servern.nu/main.html";). > > -- > Tatsuhiko Miyagawa <[EMAIL PROTECTED]>
Re: POST without any content - sometimes
Yes, of course i did, sorry. I don't think I'm experienced enough to know how to use tcpdump in this case, though... Any hints? /Anders Ged Haywood skrev: > Hi there, > > On Fri, 15 Feb 2002, Anders Knuts wrote: > > > Hi again! > > No one got a clue to my problem? A hunch or just a feeling would do just > > fine :-) > > Didn't you get my reply? > > 73, > Ged. > -- > >From [EMAIL PROTECTED] Fri Feb 15 17:39:58 2002 > Date: Tue, 12 Feb 2002 19:42:32 + (GMT) > From: Ged Haywood <[EMAIL PROTECTED]> > To: Anders Knuts <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: POST without any content - sometimes > > Hi there, > > On Tue, 12 Feb 2002, Anders Knuts wrote: > > > I have a board script to which users can post (of course) > > One IP-address has sometimes problems posting to that script, though. > [snip] > > really isn't mine, but what causes it??? How can the POST loose it's > > content like that? [snip] Could it be some kind of proxy-web-cache or > > something that causes the problem? > > No idea. Sounds like a lot of fun though. Time to dig out tcpdump? > > > Please excuse my poor english... > > It's fine. > > 73, > Ged. -- Anders Knuts [EMAIL PROTECTED] -Varför använda en massa främmande ord när det finns en adekvat svensk vokabulär?-
Re: POST without any content - sometimes
Hi again! No one got a clue to my problem? A hunch or just a feeling would do just fine :-) /Anders Anders Knuts skrev: > Hi! > I have a board script to which users can post (of course) > One IP-address has sometimes problems posting to that script, though. > Look at the log's below. > > xxx.xxx.25.50 - - [10/Feb/2002:21:15:33 +0100] "POST > /cgi-bin/mboard/message.pl HTTP/1.1" > 200 88 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)" > > xxx.xxx.25.50 - - [10/Feb/2002:21:15:36 +0100] "POST > /cgi-bin/mboard/message.pl HTTP/1.1" > 200 1683 "http://www.servern.nu/main.html"; "Mozilla/4.0 (compatible; > MSIE 5.5; Windows NT 5.0)" > > The first POST is erronuos as there is no content ("-") and the script > won't accept it as vaild. > The scond POST is okay as it has content > ("http://www.servern.nu/main.html";). > This happens ONLY to that IP-address. Since I havn't been able to find > anything to do about the problem, and since it seems to come and go, and > > since it is only that IP-address, i draw the conclusion that the problem > > really isn't mine, but what causes it??? How can the POST loose it's > content like that? > I know who the user is so I know it's an actual post that he tried to > make. The IP-address is an alias to a whole net with NAT (Linux). Could > it be some kind of proxy-web-cache or something that causes the problem? > > Please excuse my poor english... > > Best Regards > Anders, admin servern.nu -- Anders Knuts [EMAIL PROTECTED] -Varför använda en massa främmande ord när det finns en adekvat svensk vokabulär?-
POST without any content - sometimes
Hi! I have a board script to which users can post (of course) One IP-address has sometimes problems posting to that script, though. Look at the log's below. xxx.xxx.25.50 - - [10/Feb/2002:21:15:33 +0100] "POST /cgi-bin/mboard/message.pl HTTP/1.1" 200 88 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)" xxx.xxx.25.50 - - [10/Feb/2002:21:15:36 +0100] "POST /cgi-bin/mboard/message.pl HTTP/1.1" 200 1683 "http://www.servern.nu/main.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)" The first POST is erronuos as there is no content ("-") and the script won't accept it as vaild. The scond POST is okay as it has content ("http://www.servern.nu/main.html";). This happens ONLY to that IP-address. Since I havn't been able to find anything to do about the problem, and since it seems to come and go, and since it is only that IP-address, i draw the conclusion that the problem really isn't mine, but what causes it??? How can the POST loose it's content like that? I know who the user is so I know it's an actual post that he tried to make. The IP-address is an alias to a whole net with NAT (Linux). Could it be some kind of proxy-web-cache or something that causes the problem? Please excuse my poor english... Best Regards Anders, admin servern.nu