[7.075] Invalid POST requests with Zattoo streaming client [CONFIRMED]

2007:11:08-18:58:23 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x95b3650" function="fileextension_scan" file="fileextensionscanner.c" line="130" message="error converting file name to utf-8 from UTF-8.: Conversion from character set 'UTF-8.' to 'UTF8' is not supported"
2007:11:08-18:58:23 (none) httpproxy[7820]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="172.16.70.20" user="" statuscode="200" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="389" time="457 ms" request="0x95b3650" url="frodo.zattoo.com/.../fd
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs01.astaro.com' access time: 413"
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs02.astaro.com' access time: 355"
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs04.astaro.com' access time: 289"
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs05.astaro.com' access time: 228"
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs03.astaro.com' access time: 520"
2007:11:08-19:00:37 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs06.astaro.com' access time: 436"
2007:11:08-19:00:38 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs08.astaro.com' access time: 832"
2007:11:08-19:00:40 (none) httpproxy[7820]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs07.astaro.com' access time: 3301"

Parents

0 Gert Hansen over 17 years ago

Hi ClausP,

what was the URL you wanted to access which resulted in the error?

Can you give me a brief explanation how i can reproduce this?

thanks
Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ClausP over 17 years ago in reply to Gert Hansen

The zattoo clients gets successfull the xml file from the url -> http://frodo.zattoo.com/frontdoor/fd?brand=Zattoo&v=3.0.8&vtype=Beta&os=Vista and then tries to contact these servers.

----------------------------------------------------------------------

−

3.0.0 Beta
3.0.8 Beta

−

91.123.96.21:8296
91.123.96.23:8296
91.123.96.24:8296
91.123.96.22:80
91.123.96.14:80
82.197.170.22:8296
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Gert Hansen over 17 years ago in reply to ClausP

Hi Claus,

i have just downloaded zattoo 3.0.8 beta and tried it out and it worked, i can view MTV, DSF and others without a problem.

I have single scan AV, block Spyware and have 'Bypass content scanning for streaming content' enabled. I use a german Visa Ultimate as the OS for Zatoo.
How does your config look like?

Is there a special channel that does not work?

Thanks
Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Gert Hansen over 17 years ago in reply to ClausP

Hi Claus,

i have just downloaded zattoo 3.0.8 beta and tried it out and it worked, i can view MTV, DSF and others without a problem.

I have single scan AV, block Spyware and have 'Bypass content scanning for streaming content' enabled. I use a german Visa Ultimate as the OS for Zatoo.
How does your config look like?

Is there a special channel that does not work?

Thanks
Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 ClausP over 17 years ago in reply to Gert Hansen

Hi Gert,

my setup looks like yours. It is a really simple setup with no paketfilter rules, no ips, no vpn, no content filter...

Zattoo Client 3.0.8 beta on XPSP2

And I got still these blocked messages:

2007:11:09-00:28:38 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x8080680" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1"

2007:11:09-00:28:51 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x8080680" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1"

2007:11:09-00:32:43 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scr_scan" file="scr_scanner.c" line="153" message="no categegorization server available"

2007:11:09-00:32:43 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.70.20" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2779" time="1 ms" request="0x94d4280" url="91.123.96.14/.../ad_body.jsp

2007:11:09-00:32:43 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="scr_scan" file="scr_scanner.c" line="153" message="no categegorization server available"

2007:11:09-00:32:43 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="172.16.70.20" user="" statuscode="403" cached="0" profile="profile_0" filteraction="action_REF_DefaultHTTPCFFAction" size="2767" time="0 ms" request="0x94d4280" url="91.123.96.14/.../ad_placement.jsp

2007:11:09-00:33:41 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs04.astaro.com' access time: 648"

2007:11:09-00:33:41 (none) httpproxy[4259]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_servers_callback" file="scr_scanner.c" line="809" message="server 'cffs05.astaro.com' access time: 507"
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 svens over 17 years ago in reply to ClausP

2007:11:09-00:28:38 (none) httpproxy[4259]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="POST" srcip="172.16.70.20" user="" statuscode="400" cached="0" profile="profile_0" filteraction="" size="2185" time="0 ms" request="0x8080680" url="91.123.96.21" error="invalid request line: POST http://91.123.96.21 HTTP/1.1"

I think this error is the main cause of the problem. To determine whether the proxy is guilty or not, is it is possible that you capture the connection with tcpdump like this, and send the dumpfile to sschnelle@astaro.com?:

tcpdump -pni any port 8080 -s0 -w http.pcap

Thanks,

Sven.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 svens over 17 years ago in reply to svens

Reproduced this issue here, seems like the proxy is guilty. Will be fixed soon.

The 'cannot convert filename to UTF8...' error message is just a red herring - The server delivers an invalid charset, but this has no impact in this case.

Thanks,

Sven.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

[7.075] Invalid POST requests with Zattoo streaming client [CONFIRMED]

Submitted a Tech Support Case lately from the Support Portal?