|
Posted by Walter Roberson on July 24, 2006, 11:36 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>I run a website that has forms (non-SSL) that cannot be properly
>submitted by a few of my customers. The problem can be easily
>reproduced using a small test form, and occurs only when the size of
>the POST data exceeds more than a couple of KB. It looks like the
>customer's end is dropping some of the form data packets, so the server
>at my end and their Internet explorer eventually times out. I have run
>an ethernet packet analyzer (Ethereal) and can see the gaps in the data
>packets during the test.
>The problem continues even if I totally switch server environments at
>my end for the test (Linux to WinXP, Apache to IIS, swapped router and
>ADSL modem). I could not test non-IE browsers at the client end.
It isn't completely clear from what you post as to whether you
have a firewall on your end ?
>I suspect the problem is still at my end as these customers don't have
>this problem when they access other sites to submit forms with large
>amounts of POST data. However, the problem goes away if they bypass
>their firewall (i.e. if a laptop user dials up directly to the internet
>to access my site).
The behaviour you describe is what I would expect if ICMP Fragmentation
Needed messages are being generated by something along the route,
but those messages are not getting back to the other end.
(ICMP FragNeeded is a specialization of ICMP Unreachable.)
It -could- happen at the ISP level, but not too many ISPs are
foolish enough to filter those messages (well, not after the
first few thousand complaints.) It is, though, a common mistake
in configuring LAN firewalls: people tend to think of all
icmp except ECHO REPLY as being "unsolicited" and thus something
that needs to be blocked.
| 
XML site map