Re: Why is IPS blocking some clients
- From: "Tom" <thilbig@xxxxxxxxxxxxx>
- Date: 24 Oct 2006 12:39:49 -0700
The last two worked with one customer, but only because this format
seems to pack the POST data much more efficiently when sent back to the
server that way. I discovered earlier that that customer's site was
allowing POST data through if the response was contained in one packet
(content-length < 1500 bytes). The original multipart/form-data
version required multiple packets for the same POST data, so the
customer's IPS stopped it.
I tried the no-enctype, and enctype=application/x-www-form-urlencoded"
on a form with data that required multiple packets (content-length >
1500) and the same failure occured.
Here is a single-field form that fails on the same customer because the
amount of data is about 2KB. Their IPS is blocking the post submission
(probably sending the client a RST).
If you have an IPS with logging, please try it and tell me what is
wrong with it.