- From: Emilio Mira Alfaro <emial@alumni.uv.es>
- Date: Wed, 21 Jan 2004 15:27:17 +0100 (CET)
- To: www-talk@w3.org
- Cc: Maarten Van Horenbeeck <maarten.vanhorenbeeck@be.ubizen.com>
Hello list, I've tried to find on the Internet something that answers my question but I didn't find it, so may be somebody there could give me a hand. I've got an antivirus system working as proxy. It sends HTTP/1.0 requests splitted in two different segments: -------------------------------- Antivirus > IIS 5.0: SYN IIS 5.0> Antivirus : SYN, ACK Antivirus > IIS 5.0: ACK Antivirus > IIS 5.0: HTTP request (part 1) GET / HTTP/1.0 [cr][lf] User-Agent: Wget/1.8.1 [cr][lf] Host: x.x.x.x [cr][lf] Accept: */* [cr][lf] Forwarded: by (proxy) [cr][lf] connection: close [cr][lf] IIS 5.0> Antivirus : ACK Antivirus > ISS 5.0: HTTP request (part 2) [cr][lf] ISS 5.0> Antivirus : ACK ISS 5.0> Antivirus : HTTP Error HTTP/1.1 500 Server Error Server: Microsoft-IIS/5.0 Date: Wed, 14 Jan 2004 07:54:10 GMT Content-Type: text/html Content-Length: 102 <html><head><title>Error</title></head><body>The system cannot find the file specified. </body></html> -------------------------------- As shown above, the first HTTP request corresponds to the HTTP headers and the second one contains a plain [cr][lf]. Some servers accept this kind of request but some others don't. All "500: Server Error" messages come from IIS 5.0 servers. Since this two segments should arrive in the webserver software as a unique flow reconstructed by the TCP layer, it shouldn't make any difference between using one or two TCP segments. However, I've tested this by sending only one TCP segment that includes the last [cr][lf] and I could get the a succesful response from the server. Has anybody experimented this problem before? Thanks in advance, Emilio -- Emilio Mira e-mail: emial@alumni.uv.es
Received on Wednesday, 21 January 2004 09:28:13 UTC