For the techies in my life...

Mar. 23rd, 2007 09:18
mapsedge: Me at Stone Bridge Coffee House (Titanic)
[personal profile] mapsedge
So, does anyone know of a network security thing-y that watches URLs and kills any attempt at browsing if the URL gets above a certain length or contains characters that have been URLEncoded?

One of our clients is threatening to tear up their contract unless we can fix that problem, or find a workaround for it...

First step is identifying the cause, and I'm flummuxed.  When performing a vehicle search, the URL is about 250 characters long.  When you select page 2, it jumps to 671 characters long - that's valid for our system by the way, and none of our other customers have reported a problem. 

Only the computers at this one dealership have this symptom: page 1 displays fine.  Page 2 returns a blank screen.  Not even the obligatory <html></html> in the source that IE seems to toss in just for fun when there's nothing to display.  It just dies.

I'm starting by moving some processing out of the querystring and into a text file or the database.  That'll shorten it up by quite a bit.  I'd like to have a reasonable explanation for the client, though.
Threaded | Top-Level Comments Only

Date: 2007-03-23 14:33 (UTC)
From: [identity profile] ladyniniane.livejournal.com
If it is just the one dealership with issues, I would be curious about a couple of things - is there anything unusual about the browsers that they are using (IE7 vs 6, Firefox at some back level), and do they have any odd hardware or software configurations that might be getting in the way (a strange firewall setup or a machine with minimum RAM and graphics capability, like a low-end laptop, for example)?

My 2p worth...

Date: 2007-03-23 14:39 (UTC)
From: [identity profile] billthetailor.livejournal.com
IE6 on Windows XP, several different machine configurations.

I suspect it's their firewall, but I don't want to dive into that pool without checking the depth first, you know?

For the record, Firefox and Netscape don't seem to have this limitation.

Date: 2007-03-23 14:45 (UTC)
From: [identity profile] jehosefatz.livejournal.com
Don't know of a network security thing, but each browser has an internal URL size limit (apart from the protocol specification limit for GET (1k) and POST (HTTP server defined) query strings) and HTTP servers usually have their own, configurable limit for URL sizes. I know this because we hit this problem in one of our applications. The only workaround we found for it was making the URL smaller.

On the browser side, IE's limit is both smaller than Firefox's and less elegantly handled. Microsoft states that the URL limit for IE is 2084 chars, but I believe that to be version specific and to have been increased in 2006 sometime with an update to IE 6. We hit it in 2005 with < 1k of URL.

You might validate the version of whatever browser they're using versus other customers who aren't having the problem. We recently hit an issue in IE where a security patch applied to IE6 in November 2006 hosed cross window javascript communication in some cases.

You might check the logs for the HTTP server though. IE doesn't supply the tags. That would lead me to believe that something is happening on the server side before the headers are prepared. It's possible that something is being added to the URL or it's being munged into a state that the server doesn't like (maybe something isn't encoded well.) We have this problem periodically with some users in regards to toolbars (Yahoo, Google, etc) and misc crap they're not supposed to have installed.

- Jeho

Date: 2007-03-23 14:46 (UTC)
From: [identity profile] jehosefatz.livejournal.com
Firewall is also possible, since most of them are basically glorified HTTP servers anyway. This would be especially true if they're doing NAT or URL rewriting.

- Jeho

Date: 2007-03-23 15:00 (UTC)
From: [identity profile] jehosefatz.livejournal.com
In fact, the more I think of it (and the more coffee I ingest... it's not even 8a here yet) the more likely I think the firewall is the culprit. Depending on what appliance or software they're using it may limiting the URL length and/or also be doing filtering.

Silly me, I guess. I still assume that most businesses are stupid and don't have a firewall.

- Jeho

Date: 2007-03-23 15:29 (UTC)
From: [identity profile] iarraidh.livejournal.com
I'd like to have a reasonable explanation for the client, though

I face this regularly with the caliber of user we support.

Telling them they're a Knob is rarely helpful, though momentarily gratifying :)

Date: 2007-03-23 16:51 (UTC)
From: [identity profile] jehosefatz.livejournal.com
This is my preferred response. Fortunately, my customers are all internal and I don't care about vendors. It's seen as part of my folksy and curmudgeonly charm.

I'm cultivating a Wilfred Brimley-esque old age.

- Jeho
"Eat your oatmeal. You knob!"

Date: 2007-03-23 17:00 (UTC)
From: [identity profile] iarraidh.livejournal.com
I'm jealous!

and also - Well Done!

I always wanted a Jack Nicholson kinda banter, where the target initially felt all schmoozed up and only later realized they had been insulted; yet the contact felt so good they wanted More.

But there isn't enough of that DNA in the pool :)
Threaded | Top-Level Comments Only

Profile

mapsedge: Me at Stone Bridge Coffee House (Default)
mapsedge
Seamlyne Reproductions

Navigation

June 2023

S M T W T F S
    123
45678910
11121314151617
1819 2021222324
252627282930 

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 19th, 2026 23:51
Powered by Dreamwidth Studios