Re: Why is IPS blocking some clients




Tom wrote:
The last two worked with one customer, but only because this format
seems to pack the POST data much more efficiently when sent back to the
server that way. I discovered earlier that that customer's site was
allowing POST data through if the response was contained in one packet
(content-length < 1500 bytes). The original multipart/form-data
version required multiple packets for the same POST data, so the
customer's IPS stopped it.

I tried the no-enctype, and enctype=application/x-www-form-urlencoded"
on a form with data that required multiple packets (content-length >
1500) and the same failure occured.

Tom

Here is a single-field form that fails on the same customer because the
amount of data is about 2KB. Their IPS is blocking the post submission
(probably sending the client a RST).

www.sygration.com/cgi-bin/banana67

If you have an IPS with logging, please try it and tell me what is
wrong with it.

Tom

.