Re: AOL "proxy" behavior?

From: Mike Arnold (mikeat_private)
Date: Mon Aug 19 2002 - 14:18:02 PDT

  • Next message: Jeff Jirsa: "Re: AOL "proxy" behavior?"

    On Monday 19 Aug 2002 8:32 pm, Michael  B. Morell wrote:
    > I was wondering if anyone can verify a pattern that I just came across.
    Maybe - read on!
    > So my question is, does anyone know whether or not that this is some sort
    > of valid AOL proxy behavior where a request for a single page can go thru
    > multiple proxies?  Spawning multiple proxies to request information that
    > generally only 1 proxy would get.  (ie, a request for a web page resulted
    > in 3 different hosts getting different parts of the page, all off of the
    > same aspsession id)
    1 question: How do you know they got different parts of the page?
    OK. I never like to make assumptions, but I will make one here. I am assuming 
    you are answering requests to http:// and NOT https:// where you see this 
    We have seen a very similar problem from both AOL proxy servers and Freeserve 
    proxy servers. Basically the proxy is either misconfigured or just plain 
    broken and actually caches HTTP headers as well as page content. We saw it 
    for a session cookie, not the asp session, but one of our own, and it 
    resulted in some application confusion to say the least. Don't know if this 
    is the case now or not.
    The problem was when a session went https:// -> http:// -> https://. If 2 
    people followed this path, then the second had picked up the cookie of the 
    first when returning to https://
    Our fix was simple. We removed the http:// links within the same domain and 
    made them https://. Shouldn't have been there anyway. Not sure how you would 
    fix it for simple http:// requests though. The cookie will probably be being 
    spread across the different proxies by load balancing if that is the case. 
    Can't explain why they would be sequentail though unless they had all logged 
    on at the same time and come to view your site at the same time.
    Don't know if that answers it, but that's what we saw!
     "In their capacity as a tool, computers will be but a ripple on the 
       surface of our culture. In their capacity as intellectual challenge, 
       they are without precedent in the cultural history of mankind." 
    	Edsger Wybe Dijkstra on Computers
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 09:30:32 PDT