Hello: It occurs to me that it could be a mechanism to protect from a DOS attack. Consider the following attack vector: You encounter a server which requires authentication for a resource. You then flood the server with POST requests with very large payloads, requiring the server to receive the entire request before formulating the 401 response. With a large enough flood, you can overwhelm the server and cause denial of service.
I guess a way to overcome this in the client side would be to send a HEAD request prior to establish if the resource is available for consumption. If not, the server will respond with 401 and your client can then send the appropriate authentication credentials. Also, if the server is responding prematurely, doesn't it mean that the request connection was aborted? And if this is the case, shouldn't the HttpCli component detect this and stop sending? This still won't prevent any data currently in transit from generatinga 402 error response when it arrives at the server. -dZ. >------- Original Message ------- >From : Maurizio Lotauro[mailto:[EMAIL PROTECTED] >Sent : 9/17/2008 1:10:47 PM >To : firstname.lastname@example.org >Cc : >Subject : RE: Re: [twsocket] Early web server response > Yes. Using "Follow TCP Stream" of WireShark I see the answer in the middle of the request. Then I checked the single packet (ordered by time) and it is effectively so. This happen by a customer that use IIS, then I reproduced it on our server (that use Apache). Maybe a Tomcat issue? Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be