Re: BigIP / ASP.NET Webservice Bad Request

From: Johan Burman (johan.burman_at_sorry.cant.tell.com)
Date: 02/18/05


Date: Fri, 18 Feb 2005 14:04:37 +0100

Thanks for the reply!

Egbert Nierop (MVP for IIS) wrote:

> You mean on URL sizes...

I read about this limit here: http://support.microsoft.com/?id=820129

It says request line + headers. I figured the post data are part of the
headers, but I might be wrong there... Anyways, as long as BigIP stays
out of the loop, it works.

> Webservices, by default, use a POST verb, not a GET verb.

Yes

> Bad Request is in fact that IIS says that the client sends an
> incomplete or invalid request. In your case, I suspect that the BigIP
> router does not buffer or pass through the whole request and cuts
> off data, which results in the bad request. Please consult your BigIP
> docs.

Yes, but I can't find where the request goes bad, see below...

> PS: It would help to install netmon.exe (this is a network sniffer
> from the Windows 2000 server CD!) and install the network monitor
> driver in your network applet. Filter on HTTP and you'll see exactly
> what IIS receives from the external clients.

I did, but I used ethereal and wincap, and there are no real differences
between what goes into the BigIP-box and what comes out of it. Also,
when running without the BigIP-box, the request looks very similar...

One thing with the captured data though; it appears as if the post data is
sent regardless of the server response. I.e., postdata is sent by the
client even though the server sends a 401. Is this normal? Isn't it
possible that this data corrupts the next request? (But why would the
server be more sensitive about this when BigIP is involved?)

thanx//J
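
One way to compare the capture taken in front of the BigIP with the one taken behind it, beyond eyeballing them: walk the client-to-server bytes of a connection the way a server frames them and report where the parser loses sync. This is an added example, not part of the thread; it assumes Content-Length framing only, and the host name, path and sample captures are constructed.

```python
import re

REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")

def audit_requests(stream: bytes):
    """Walk the client-to-server bytes of one keep-alive connection the way a
    server frames them: headers, then exactly Content-Length body bytes.
    Returns a list of (offset, request_line, status) tuples."""
    results, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end < 0:
            results.append((pos, stream[pos:pos + 40], "incomplete headers"))
            break
        lines = stream[pos:head_end].split(b"\r\n")
        if not REQUEST_LINE.match(lines[0]):
            # Parser is out of sync: this is where a server answers 400.
            results.append((pos, lines[0], "bad request line"))
            break
        declared = 0
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                declared = int(value.strip())
        body_start = head_end + 4
        present = min(declared, len(stream) - body_start)
        status = "ok" if present == declared else f"body short by {declared - present}"
        results.append((pos, lines[0], status))
        pos = body_start + declared  # next request must start exactly here
    return results

# Constructed sample: a POST answered with 401, then the authenticated retry.
BODY = b"<soap:Envelope>" + b"x" * 200 + b"</soap:Envelope>"

def build_request(body: bytes, extra: bytes = b"") -> bytes:
    return (b"POST /service.asmx HTTP/1.1\r\nHost: app.example.test\r\n" + extra +
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

FIRST = build_request(BODY)
RETRY = build_request(BODY, b"Authorization: NTLM PLACEHOLDER\r\n")
CLIENT_SIDE = FIRST + RETRY        # as captured in front of the proxy
SERVER_SIDE = FIRST[:-10] + RETRY  # constructed fault: 10 body bytes lost behind it

if __name__ == "__main__":
    for name, capture in (("client side", CLIENT_SIDE), ("server side", SERVER_SIDE)):
        for offset, line, status in audit_requests(capture):
            print(name, offset, line.decode(errors="replace"), status)
```

Feed it the reassembled request direction of one TCP stream from each capture; a body that is complete on both sides rules out truncation on that connection.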


