Monday·18·September·2006
Fixing server bugs on client side //at 15:35 //by abe
On my new job at ETH Zurich I stumbled over a lot of HTTP requests in
the web server log file, obviously trying to fetch the automatic proxy
configuration file (usually called proxy.pac) but requesting it with the last
character missing and therefore requesting the nonexistent file proxy.pa:
195.176.XX.AB - - [16/May/2006:11:12:56 +0200] "GET /proxy.pa HTTP/1.1" 404 5261 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)" 195.176.YY.CD - - [16/May/2006:11:16:32 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)" 195.176.ZZ.EF - - [16/May/2006:11:18:38 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)" 195.176.YY.CD - - [16/May/2006:11:24:16 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)" 195.176.ZZ.GHI - - [16/May/2006:11:31:44 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)" 195.176.XX.J - - [16/May/2006:11:33:35 +0200] "GET /proxy.pa HTTP/1.1" 404 5261 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)" 195.176.ZZ.LMN - - [16/May/2006:11:35:18 +0200] "GET /proxy.pa HTTP/1.1" 404 5261 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
WTF happend here? When I found a bunch of those request from a single host last night, I expected a local cut and waste typo on a single box. But during the day I got the same sort of defective requests from over 30 hosts in our network. So we looked at our dhcpd.conf, but all appearances of “proxy.pac” had its “c” at the right place.
WTF is happening here? After googling for a moment I found this mail on the squid users mailing list, stating the following:
WPAD worked reasonably well for WindowsNT and Windows2000; however, there was a problem with the file name in Windows2000 and the initial release of WindowsXP. The Microsoft DHCP Service returned the wrong byte count for the string returned for option 252. The DHCP Client compensated for this by decrementing the string length. This resulted in the file name being truncated when the ISC DHCP daemon was used. The solution was to define a symlink proxy.pa –> proxy.pac.
So in other words: Microsoft worked around a off-by-one bug in their own DHCP server by patching their DHCP client to parse faulty configurations — and obviously only faulty configurations by expecting some length statement to be always off-by-one. *hrrrrng*
Our solution was BTW to insert an appropriate Alias directive into our
Apache web server hosting the file.
Tagged as: Admin, Apache, Bugs, DHCP, ETH Zürich, HTTP, ISC, Microsoft, MSIE, Proxy, proxy.pac, Rant, WTF
// show without comments // write a comment
Related stories
Thursday·02·March·2006
Trojans must stay out //at 02:32 //by abe
On Heise’s security site HeiSec, Microsoft is advertising (in German) with a Flash animation of a rolling, black horse approaching the reader. Then suddenly a red gate closes and a text apprears:
Trojans must stay out.
If we translate this back to ancient greek history, it would say:
Microsofties must stay out
since Trojans were the inhabitants of Troy (German: Troja) and in the horse were the Greek aggressors. So I strongly agree. ;-)
I really hate it, if people just reverse the meaning of something by abbreviating it (here by turning the adjective into a noun). And then not noticing it. The term Trojan Horse in computing is just one (unfortunately) often seen example…
But no wonder that Microsoft doesn’t care about such things. They care
about so less (e.g. stable software, secure operating systems, users,
administrators, trust, etc.) except keeping their monopoly, making
money and making even more money.
Tagged as: Fläsch, Greek History, Heise, Microsoft, Monopol, Sarcasm, Trojan Horse, Trojans
// show without comments // write a comment
