Cat Mucius

Asked: 2018-12-18 02:38:33 +0800 CST2018-12-18 02:38:33 +0800 CST 2018-12-18 02:38:33 +0800 CST

IIS responds with "401 Unauthorized" without waiting for request's body

I noticed that our IIS 8.5 returns "401 Unauthorized" response to non-authenticated HTTP request right after receiving its headers, without waiting for the body:

the client:

POST /some/protected/page HTTP/1.1
Host: server.example.org
Content-Length: 4666

the server, without waiting for the rest:

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/8.5

the client goes on:

<xml>some large XML block of 4666 bytes in total</xml>

Now, by itself it doesn't represent a problem, but our load balancer (FortiGate v6.0.3) decided to be smart, so it drops the request's body after seeing the "401 Unauthorized" response. And this, as I understand, causes next request over the same TCP pipe to fail, since the server interprets next bytes as a payload promised by the "Content-Length: 4666" header.

The question: is it possible to make IIS to wait for the whole request before responding with 401?

IIS responds with "401 Unauthorized" without waiting for request's body

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

IIS responds with "401 Unauthorized" without waiting for request's body

0 Answers