We host a fair amount of publicly accessible web sites in
our research department here. Yesterday we resolved an issue which I
think would affect others who may host public websites.
Conditions:
-
Firefox version 3.0.7 (no indications it affects prior
versions, affects both PC, OSX, assuming *nix also)
-
Accessing website hosted on campus from off-campus
-
Submitting multipart form data (POST data)
Symptoms:
-
Firefox lingers non-responsive for about 5 minutes then
sometimes reports an error or just plain fails, POST data never gets through
Cause:
-
Campus IDS rule was being triggered by the delimiter
sent by Firefox when delimiting the fields in the form data, causing transaction
to essentially break without feedback
This was affecting everything from trying to send
squirrelmail, to our in-house development apps. Upon pretty sincerely
identifying the problem we were able to work quickly with ACNS to get the rule
fixed, so thanks ACNS. If I remember correctly the ‘rule’
went into the system around March 9th, 3.0.7 was released around
March 4th I think. Maybe somehow it was just our traffic
getting flagged; but since IDS misfires can be a troubling problem to diagnose
I thought I would pass this on to anyone that may be trying to debug a similar
issue.
-
Joe
Joseph M. Deming
System Administrator
MATRIX/H-Net
415 Nat Sci Bldg
East Lansing, MI 48824
(517) 884-2472
[log in to unmask]