Re: URLScan

From: Wade A. Hilmo [MS] (wadeh@microsoft.com)
Date: 07/15/02 

From: "Wade A. Hilmo [MS]" <wadeh@microsoft.com>
Date: Sun, 14 Jul 2002 16:34:26 -0700

Hi Mike,

Are you using UrlScan to remove or alter the server header in the response?

UrlScan uses the SF_NOTIFY_SEND_RESPONSE notification to remove or set the
server header in the response going back to the client. For this to work,
the piece of code that's sending the response must send back the entire set
of headers at once (which is the way that most code works). It is possible
for an ISAPI extension to send back an incomplete set of headers, followed
by some more data that contains additional headers. Unfortunately the
SF_NOTIFY_SEND_RESPONSE notification assumes that the headers are complete,
and will add the final "\r\n\r\n" to the response when the filter returns.
The symptom you'll seen when any ISAPI filter (like UrlScan) modifies any
response header in this scenario is that any "extra" response headers sent
later will end up being part of the entity body.

It sounds like this is probably happening with Cold Fusion. If so, then any
ISAPI filter that modifies response headers would produce this symptom. The
only solution I can offer to address the issue from UrlScan (other than
contacting the vendor for Cold Fusion) is to set RemoveServerHeader=0 and
make sure that AlternateServerHeader is blank.

I hope this information is useful,
-Wade Hilmo,
-Microsoft

"Mike A" <mikea@msdg.com> wrote in message
news:eop3ZsbKCHA.1772@tkmsftngp09...
> Jeff,
>
> thank you for your reply. I've checked the urlscan logs and there
> doesn't seem to be anything relating to coldfusion. There is a lot of
> blocking for the .ida extension. I've tryed adding the .cfm and .dbm
> which are valid coldfusion extensions to the filter in the urlscan.ini
> file and activating the filter for allowed extensions. But then nothing
> works. The index.html or any other file doesn't fire at all when I
> requested in the browser. Is there any thing else i should look at?
>
>
> Thank you,
>
> Mike
>
> *** Sent via Developersdex http://www.developersdex.com ***
> Don't just participate in USENET...get rewarded for it!

Relevant Pages

  • Re: Newsgroups with large number of posts hangs OE
    ... My response was an unsubtle reference to my frustration with OE's bugs. ... settings in the large NGs I susbscribe to to "headers only" then use the "Sync All" button which then proceeds to d/l all the headers of these large NGs. ... I suppose that could possibly be due to the server of that particular NG.....I dunno. ... The best way to do this is to right click on the folder name in the folder list. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Igor, pAPP toolkit questions
    ... data will result in authorization and the same response at a later ... although this post deals with outgoing stuff and NTLM credentials, ... this using the pAPP toolkit that would be just excellent! ... > headers have been fully prepared. ...
    (microsoft.public.inetsdk.programming.webbrowser_ctl)
  • Re: Alert box doesnt appear
    ... response which consists of headers and content. ... and provides the location information (in this ... If you want to have a message box and then navigate to the next page, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: How could this possibly happen (HttpURLConnection + simple JSP page)
    ... In PHP that would throw some nasty HTTP-related warnings and potentially break the page as you are changing the headers after HTML display? ... You are writing code in a special format that is compiled in to a servlet, which is then executed by the server when the page is requested. ... The other thing is that writing things "after HTML display" is probably very difficult as the display is done on the users computer when they have recieved the response. ... When you create a response for the user it does not necessarily get sent back as soon as you start, and more importantly the headers do not necessarily finish as soon as you start writing to the body. ...
    (comp.lang.java.help)
  • Re: Server Side filtering (as pertains to Google Groups)
    ... headers are included in the overview headers, ... don't need a proxy to filter on that header). ... The effect is to retrieve bodies only for articles whose headers have ... the user can choose to download it or not. ...
    (news.software.readers)