TCP/IP HTTP fault tolerant connection ending via ISA server

  • From: "David Farinic" <davidfa@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 2 Mar 2006 15:28:30 +0100

[WebServer] http connection-> Reset(RST) [ISA] ->FIN! [Web Client]

Observed consequences:

-When posting to web forums with HTTP POST and reply from webserver is
for     some internet spaghetti reason broken, ISA gets tcp ip http
connection      ending with RST ISA translates it to web client behind
it as FIN ...   which leads to web clients believing they got data
correctly       completely!

        On web forums this results in double posting (as users don't see
their   reply). 

-AV updating services might not update their signature databases on
time.

This might cause potential problem with web-services and other
communication utilizing HTTP protocol.

REASON: Web applications reports wrong data retrieval only if TCP/IP
carrying http ends with Reset(RST) packet.

WORKAROUND: adding data integrity checking into data/sub-protocol
utilizing http carrier.

Tested on ISA2k4 and ISA2k:

With Kind Regards David Farinic.

  
This mail was checked for viruses by GFI MailSecurity. 
GFI also develops anti-spam software (GFI MailEssentials), a fax server (GFI 
FAXmaker), and network security and management software (GFI LANguard) - 
www.gfi.com 



Other related posts: