
 
From: Mike Arnold (mike_at_midkaemia.fsnet.co.uk)
Date: Mon Aug 19 2002 - 16:18:02 CDT


    On Monday 19 Aug 2002 8:32 pm, Michael B. Morell wrote:
    > I was wondering if anyone can verify a pattern that I just came across.

    Maybe - read on!

    > So my question is, does anyone know whether or not that this is some sort
    > of valid AOL proxy behavior where a request for a single page can go thru
    > multiple proxies? Spawning multiple proxies to request information that
    > generally only 1 proxy would get. (ie, a request for a web page resulted
    > in 3 different hosts getting different parts of the page, all off of the
    > same aspsession id)

    1 question: How do you know they got different parts of the page?

    OK. I never like to make assumptions, but I will make one here. I am assuming
    you are answering requests to http:// and NOT https:// where you see this
    problem.

    We have seen a very similar problem from both AOL proxy servers and Freeserve
    proxy servers. Basically the proxy is either misconfigured or just plain
    broken and actually caches HTTP headers as well as page content. We saw it
    for a session cookie, not the asp session, but one of our own, and it
    resulted in some application confusion to say the least. Don't know if this
    is the case now or not.

    The problem was when a session went https:// -> http:// -> https://. If 2
    people followed this path, then the second had picked up the cookie of the
    first when returning to https://

    Our fix was simple. We removed the http:// links within the same domain and
    made them https://. Shouldn't have been there anyway. Not sure how you would
    fix it for simple http:// requests though. The cookie will probably be being
    spread across the different proxies by load balancing if that is the case.
    Can't explain why they would be sequential though unless they had all logged
    on at the same time and come to view your site at the same time.

    Don't know if that answers it, but that's what we saw!

    Mike

    --
    

    "In their capacity as a tool, computers will be but a ripple on the surface of our culture. In their capacity as intellectual challenge, they are without precedent in the cultural history of mankind." Edsger Wybe Dijkstra on Computers

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
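The following simulation is an added illustration of the failure mode Mike describes, not code from the original post or from any of the proxies mentioned. A shared forward proxy that caches a response's headers verbatim hands the first user's Set-Cookie to the next user who requests the same plain-http URL. The hostname (app.example), the /account path and the session ids are constructed; the "https links go through the proxy as an opaque CONNECT tunnel" model stands in for the post's own fix, and the hardened proxy's rules (honour Cache-Control private/no-store, never store Set-Cookie) are standard shared-cache behaviour assumed here, not something the post proposes.

```python
"""Added illustration: a shared caching proxy that stores response headers
(Set-Cookie included) along with the body, so the next user to request the
same URL receives the first user's session cookie. Hostnames, paths and
cookie values are constructed for the example."""
import itertools
from dataclasses import dataclass

_session_ids = itertools.count(1000)  # constructed session ids: S1000, S1001, ...


@dataclass
class Response:
    status: int
    headers: dict   # header name -> value; one value per name keeps this short
    body: str


def origin(path: str, mark_private: bool) -> Response:
    """Hypothetical application server: every request gets a fresh session via
    Set-Cookie. With mark_private=True the response also carries the directives
    that tell a shared cache not to store it."""
    headers = {
        "Content-Type": "text/html",
        "Set-Cookie": f"sessionid=S{next(_session_ids)}; Path=/",
    }
    if mark_private:
        headers["Cache-Control"] = "private, no-store"
    return Response(200, headers, f"<html>page {path}</html>")


class CachingProxy:
    """Shared forward proxy with a URL-keyed cache used by many clients."""

    def __init__(self, broken: bool):
        # broken=True reproduces the behaviour in the post: headers are cached
        # verbatim and cache directives are ignored. broken=False applies the
        # usual shared-cache rules: honour private/no-store, never store Set-Cookie.
        self.broken = broken
        self.cache = {}
        self.origin_hits = 0

    def _store(self, url: str, resp: Response) -> None:
        if self.broken:
            self.cache[url] = resp            # whole response, headers and all
            return
        cc = resp.headers.get("Cache-Control", "").lower()
        if resp.status != 200 or "private" in cc or "no-store" in cc:
            return                            # not cacheable by a shared cache
        safe = {k: v for k, v in resp.headers.items() if k.lower() != "set-cookie"}
        self.cache[url] = Response(resp.status, safe, resp.body)

    def fetch(self, scheme: str, path: str, mark_private: bool) -> Response:
        url = f"{scheme}://app.example{path}"
        if scheme == "https":
            # assumption: an https request crosses a forward proxy as an opaque
            # CONNECT tunnel, so the proxy sees nothing and caches nothing
            self.origin_hits += 1
            return origin(path, mark_private)
        if url in self.cache:
            return self.cache[url]
        self.origin_hits += 1
        resp = origin(path, mark_private)
        self._store(url, resp)
        return resp


def session_cookie(resp: Response):
    """Return the sessionid value a client would store, or None if none was set."""
    sc = resp.headers.get("Set-Cookie")
    return sc.split(";", 1)[0].split("=", 1)[1] if sc else None


def replay(scheme: str, broken_proxy: bool, mark_private: bool):
    """Two users, one after the other, request the same page through the same
    proxy; returns the session id each of them ends up holding."""
    proxy = CachingProxy(broken=broken_proxy)
    first = proxy.fetch(scheme, "/account", mark_private)
    second = proxy.fetch(scheme, "/account", mark_private)
    return session_cookie(first), session_cookie(second)


if __name__ == "__main__":
    a, b = replay("http", broken_proxy=True, mark_private=False)
    print(f"broken proxy, plain http  : first={a} second={b} -> shared session")
    a, b = replay("https", broken_proxy=True, mark_private=False)
    print(f"broken proxy, https links : first={a} second={b} -> distinct (the post's fix)")
    a, b = replay("http", broken_proxy=False, mark_private=True)
    print(f"correct proxy, private    : first={a} second={b} -> distinct")
```

The third scenario in the usage block is the one a defender can influence from the application side even when the proxy is someone else's: marking session-bearing responses private and no-store denies a conforming shared cache the chance to store them, while the broken proxy of the post still leaks the cookie whatever the origin says, which is why moving the links to https was the fix that worked.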