[7.075] Invalid POST requests with Zattoo streaming client [CONFIRMED]

2007:11:08-18:58:23 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x95b3650" function="fileextension_scan" file="fileextensionscanner.c" line="130" message="error converting file name to utf-8 from UTF-8.: Conversion from character set 'UTF-8.' to 'UTF8' is not supported" 
2007:11:08-18:58:23 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="389" time="457 ms" request="0x95b3650" url="frodo.zattoo.com/.../fd
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs01.astaro.com' access time: 413" 
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs02.astaro.com' access time: 355" 
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs04.astaro.com' access time: 289" 
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs05.astaro.com' access time: 228" 
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs03.astaro.com' access time: 520" 
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs06.astaro.com' access time: 436" 
2007:11:08-19:00:38 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs08.astaro.com' access time: 832" 
2007:11:08-19:00:40 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs07.astaro.com' access time: 3301"
  • Hi ClausP, 

    What was the URL you wanted to access which resulted in the error?

    Can you give me a brief explanation how I can reproduce this?

    Thanks
    Gert
  • The Zattoo client successfully gets the XML file from the URL -> http://frodo.zattoo.com/frontdoor/fd?brand=Zattoo&v=3.0.8&vtype=Beta&os=Vista and then tries to contact these servers.

    ----------------------------------------------------------------------



    3.0.0 Beta
    3.0.8 Beta




    91.123.96.21:8296
    91.123.96.23:8296
    91.123.96.24:8296
    91.123.96.22:80
    91.123.96.14:80
    82.197.170.22:8296

  • Hi Claus, 

    I have just downloaded Zattoo 3.0.8 beta and tried it out, and it worked; I can view MTV, DSF and others without a problem.

    I have single scan AV, block Spyware and have 'Bypass content scanning for streaming content' enabled. I use a German Vista Ultimate as the OS for Zattoo.
    What does your config look like?

    Is there a special channel that does not work?

    Thanks
    Gert
  • 2007:11:08-18:58:23 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x95b3650" function="fileextension_scan" file="fileextensionscanner.c" line="130" message="error converting file name to utf-8 from UTF-8.: Conversion from character set 'UTF-8.' to 'UTF8' is not supported"


    There's an extra dot at the end of the charset name ("UTF-8."). Looks like this is the problem. Question is where this string comes from. I guess an HTTP header.  Please find the URL for request 0x95b3650 (grep for this in the logfile). Thx.
  • Tom, 
    there are many requests with 0x95b3650 and with different URLs.

    Example:

    2007:11:08-18:57:27 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="43" time="136 ms" request="0x95b3650" url="maxdome.ivwbox.de/.../ Animals" 

    2007:11:08-18:57:28 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="0" time="352 ms" request="0x95b3650" url="data.coremetrics.com/eluminate

    2007:11:08-18:58:23 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x95b3650" function="fileextension_scan" file="fileextensionscanner.c" line="130" message="error converting file name to utf-8 from UTF-8.: Conversion from character set 'UTF-8.' to 'UTF8' is not supported" 

    2007:11:08-18:58:23 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="389" time="457 ms" request="0x95b3650" url="frodo.zattoo.com/.../fd

    2007:11:08-19:05:29 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="15" time="295 ms" request="0x95b3650" url="213.52.240.240/.../SpamResolverNG.dll

    2007:11:08-19:05:40 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x95b3650" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1" 

    2007:11:08-19:06:04 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x95b3650" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1" 

    2007:11:08-19:08:30 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="42" time="219 ms" request="0x95b3650" url="213.52.240.240/.../SpamResolverNG.dll

    2007:11:08-19:08:31 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="44387" time="1206 ms" request="0x95b3650" url="213.52.240.240/.../SpamResolverNG.dll

    2007:11:08-19:09:05 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="302" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="1" time="167 ms" request="0x95b3650" url="maxdome.ivwbox.de/.../

    2007:11:08-19:09:06 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="304" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="0" time="162 ms" request="0x95b3650" url="www.maxdome.de/.../sn_home_doku.jpg" error="" 
    2007:11:08-19:09:06 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="43" time="393 ms" request="0x95b3650" url="data.coremetrics.com/eluminate
  • Hi Gert,

    my setup looks like yours. It is a really simple setup with no packet filter rules, no ips, no vpn, no content filter...

    Zattoo Client 3.0.8 beta on XPSP2

    And I still got these blocked messages:

    2007:11:09-00:28:38 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x8080680" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1" 

    2007:11:09-00:28:51 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x8080680" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1" 

    2007:11:09-00:32:43 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scr_scan" file="scr_scanner.c" line="153" message="no categegorization server available" 

    2007:11:09-00:32:43 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.70.20" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2779" time="1 ms" request="0x94d4280" url="91.123.96.14/.../ad_body.jsp

    2007:11:09-00:32:43 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scr_scan" file="scr_scanner.c" line="153" message="no categegorization server available" 

    2007:11:09-00:32:43 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.70.20" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2767" time="0 ms" request="0x94d4280" url="91.123.96.14/.../ad_placement.jsp

    2007:11:09-00:33:41 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs04.astaro.com' access time: 648" 

    2007:11:09-00:33:41 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs05.astaro.com' access time: 507"
  • 2007:11:09-00:28:38 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x8080680" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1"

    I think this error is the main cause of the problem. To determine whether the proxy is guilty or not, is it possible for you to capture the connection with tcpdump like this and send the dumpfile to sschnelle@astaro.com?

    tcpdump -pni any port 8080 -s0 -w http.pcap

    Thanks,

    Sven.
  • Reproduced this issue here, seems like the proxy is guilty. Will be fixed soon.

    The 'cannot convert filename to UTF8...' error message is just a red herring - The server delivers an invalid charset, but this has no impact in this case.

    Thanks,

    Sven.
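
A triage sketch for the logs in this thread, added here as an example (not code from Astaro or from any poster): because the `request="0x..."` value repeats across unrelated URLs, it filters on `action="block"` instead and classifies the request line quoted in the `error` field. The sample log is abbreviated from the lines quoted above, and all function names are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: abbreviated copies of httpproxy lines quoted in the thread.
SAMPLE_LOG = """\
2007:11:08-18:58:23 (none) httpproxy[7820]: id="0003" severity="info" request="0x95b3650" function="fileextension_scan" message="error converting file name to utf-8 from UTF-8.: Conversion from character set 'UTF-8.' to 'UTF8' is not supported"
2007:11:08-18:58:23 (none) httpproxy[7820]: id="0001" action="pass" method="GET" srcip="172.16.70.20" statuscode="200" request="0x95b3650" url="frodo.zattoo.com/.../fd
2007:11:08-19:05:40 (none) httpproxy[7820]: id="0001" action="block" method="POST" srcip="172.16.70.20" statuscode="400" request="0x95b3650" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1"
2007:11:08-19:06:04 (none) httpproxy[7820]: id="0001" action="block" method="POST" srcip="172.16.70.20" statuscode="400" request="0x95b3650" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1"
2007:11:09-00:32:43 (none) httpproxy[4259]: id="0001" action="block" method="GET" srcip="172.16.70.20" statuscode="403" request="0x94d4280" url="91.123.96.14/.../ad_body.jsp
"""

# key="value" pairs; a value cut off before its closing quote runs to end of line.
FIELD = re.compile(r'(\w+)="([^"]*)(?:"|$)')

def parse_line(line):
    """Return (timestamp, fields) for one httpproxy log line."""
    return line.split(" ", 1)[0], dict(FIELD.findall(line))

def describe_target(error):
    """Classify the request line quoted in an 'invalid request line' error."""
    m = re.match(r"invalid request line: (\S+) (\S+) (HTTP/\d\.\d)$", error)
    if not m:
        return "unparsed"
    target = urlsplit(m.group(2))
    if target.scheme and target.netloc:
        return "absolute-URI, empty path" if target.path == "" else "absolute-URI"
    return "other"

def blocked_requests(log_text):
    """Yield (timestamp, srcip, url, statuscode, target_kind) for blocked requests."""
    for line in log_text.splitlines():
        ts, f = parse_line(line)
        if f.get("action") == "block":
            kind = describe_target(f["error"]) if f.get("error") else "no error field"
            yield ts, f.get("srcip"), f.get("url"), f.get("statuscode"), kind

def summarize(log_text):
    """Count blocked requests per (url, statuscode, target_kind)."""
    return Counter(row[2:] for row in blocked_requests(log_text))

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(n, *key)
```

On the sample, the two 400 responses group together as absolute-URI request targets with an empty path, separate from the 403 block, which carries no `error` field.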