Hi Roland, I suspect that's your answer, Webstar vs. Apache.
The Witango platform (or even PHP, ColdFusion, etc...) is just an add-on to the Webserver - and from what I understand, it can only provide instructions with regards to HTTP (and other output) to the Webserver that manages it, but the Webserver has the final control over "exactly" what gets sent. All the different brands of Webservers have their own interpretation on how to make HTTP as efficient as possible, so each will make different decisions on when to close or reset, or manage things like Keep-Alives. Again, here's another example of where to use an HTTP Sniffer to see what's going on. Hope this helps. Cheers... -----Original Message----- From: Roland Dumas <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Date: Sat, 21 Feb 2004 09:59:07 -0800 Subject: Re: Witango-Talk: MS Security patch preventing postargs from being submitted > I remain perplexed: > 1. how come SSL hit to one site gets postargs stripped while SSL hit to > > clone site (same everything) worked? > 2. If http resetting is involved, is that witango server or, in my > case, webstar -specific? Apache does differently? > > > On Feb 21, 2004, at 9:46 AM, Scott Cadillac wrote: > > > Hi Roland, > > > >> The bigger question, if this is true, is what is witango doing that > >> other app servers isn't doing? > > > > Probably nothing different. > > > > (Excellent research by the way Roland) > > > > The heart of the issue (that you point to with KB831167) contains > this > > text: > > > > "Security Patch q832894 included a fix to make Internet Explorer work > > better with Web servers that reset http connections when requesting > > authentication credentials from the client computer during a POST > > request. However, Web servers that reset an http connection with > > Internet > > Explorer for other reasons may experience errors when Internet > Explorer > > attempts to reset the connection to the server." > > > > [Above from] http://www.microsoft.com/downloads/details.aspx? > > FamilyID=254EB128-5053-48A7-8526-BD38215C74B2&displaylang=en > > > > I think it's obvious that the MS Engineers just didn't think of > > everything when putting this patch together. > > > > There is wide range of different ways to use HTTP, and this is not > the > > first time MS missed something when putting a Security patch > together. > > > > Remember the IIS Lockdown tool? It has an optional component called > > URLScan that is designed to stop malicious attacks to IIS, by > filtering > > them at the HTTP level with an ISAPI filter (before it reaches > > application > > files or the underlying OS). > > > > One of the problems with URLScan (under it's default configuration) > is > > that it didn't allow for application files with extensions other than > > *.asp and a few others. So Witango, PHP, ColdFusion and even > FrontPage > > Extensions stopped working after installing URLScan. > > > > The following article shows how to fix URLScan for ASP.NET for > example. > > MS even broke it's own great new web technology - sad, but true. > > > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;815155 > > > > Hope this helps. Cheers.... > > > > Scott Cadillac, > > 403-281-6090 ~ [EMAIL PROTECTED] > > ------------ > > XML-Extranet ~ http://xmlx.ca ~ http://forums.xmlx.ca > > Well-formed Programming in C# .NET, Witango, MSIE and XML > > ------------ > > Witango ~ http://witango.org > > EasyXSLT ~ http://easyxslt.ca > > IIS Watcher ~ http://iiswatcher.ca > > ------------ > > > > > > -----Original Message----- > > From: Roland Dumas <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Date: Sat, 21 Feb 2004 08:50:42 -0800 > > Subject: Re: Witango-Talk: MS Security patch preventing postargs from > > being submitted > > > >> > >> On Feb 21, 2004, at 8:48 AM, Mike R. M. Young wrote: > >> > >>> Well that explains a few weird bits. It has only been noted on my > own > >>> machine in this office, (running NT4 server fully updated) and > would > >>> only appear to happen later in a given day. IE, when the ram is > >>> heavily fragmented from a days use. I chocked it up to lack of ram > >> and > >>> fragmented memory, but this is makes much more sense. > >>> Is there a solution? The next MS Security patch for instance? > >> > >> the report is: > >> Breaks it: > >> MS04-004 Cumulative Security Update for Internet Explorer (832894) > >> � > >> Fixes it: > >> Microsoft KB831167 > >> > >> The bigger question, if this is true, is what is witango doing that > >> other app servers isn't doing? > >> > >> > ______________________________________________________________________ > >> _ > >> _ > >> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf > > > > > _______________________________________________________________________ > > _ > > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf > > > > _______________________________________________________________________ > _ > TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
