On Debian Stable:
Apache/2.0.54 (Debian GNU/Linux) mod_ssl/2.0.54 OpenSSL/0.9.7e DAV/2 SVN/1.1.4
The front-end server is Internet facing and listens to port 80 and
443 SSL. It proxies request to a back-end Apache mod_perl server.
I have one user that when they post a form *in SSL* mode the post
fails due to lack of correctly posted data: The content-length header
is zero.
When they post to a form that is not SSL then it works fine.
This seems to be the case of:
http://support.microsoft.com/default.aspx?kbid=831167
And discussed here:
http://geekswithblogs.net/timh/archive/2006/01/26/67183.aspx
I can dump request headers on the mod_perl server and I can see the
request has a content-length of zero:
Here's the request headers on the back-end server:
Cache-Control: no-cache
Via: 1.1 foo
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*
Accept-Encoding: gzip, deflate
Accept-Language: en-us
Host: 127.0.0.1:10443
Max-Forwards: 10
Referer: https://foo/workshop/register/billing
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Content-Length: 0
Content-Type: application/x-www-form-urlencoded
Cookie: session=2e4e14be71afa8ae92dea02cb9c4a4a3899999d3
X-Forwarded-For: 64.166...
X-Forwarded-Host: foo
X-Forwarded-Server: foo
What I'm not clear on is that Microsoft report says this is a result
of a change to IE that makes IE:
...retries POST requests when a Web server resets the connection.
Programs that use Windows Internet (Wininet) application
programming interface (API) functions to post data (such as a user
name or a password) to a Web server retry the POST request without
including the POST data if the Web server closes (or resets) the
initial connection request.
Since my SSL server is on the front end I can't (or don't know how
to) see the actual request headers. But the front access_log only
shows *one* POST so I don't see how it would be retrying the request.
That is, how do I know if the front-end server is resetting the
request? Is this something at the tcp level (I could see with
ethereal) or something within the SSL http request that I couldn't
see with ethereal/wireshark?
Or is Microsoft making this up and just failing to submit the posted
data for some reason when in SSL mode.
--
Bill Moseley
[EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
