We host a fair amount of publicly accessible web sites in our research department here.  Yesterday we resolved an issue which I think would affect others who may host public websites.

 

Conditions:

-          Firefox version 3.0.7 (no indications it affects prior versions, affects both PC, OSX, assuming *nix also)

-          Accessing website hosted on campus from off-campus

-          Submitting multipart form data (POST data)

 

Symptoms:

-          Firefox lingers non-responsive for about 5 minutes then sometimes reports an error or just plain fails, POST data never gets through

 

Cause:

-          Campus IDS rule was being triggered by the delimiter sent by Firefox when delimiting the fields in the form data, causing transaction to essentially break without feedback

 

This was affecting everything from trying to send squirrelmail, to our in-house development apps.  Upon pretty sincerely identifying the problem we were able to work quickly with ACNS to get the rule fixed, so thanks ACNS.  If I remember correctly the ‘rule’ went into the system around March 9^th, 3.0.7 was released around March 4^th I think.  Maybe somehow it was just our traffic getting flagged; but since IDS misfires can be a troubling problem to diagnose I thought I would pass this on to anyone that may be trying to debug a similar issue.

 

-          Joe

 

Joseph M. Deming
System Administrator

MATRIX/H-Net
415 Nat Sci Bldg
East Lansing, MI 48824
(517) 884-2472
[log in to unmask]