This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Http uploads using PHP

Hi,

I am using ASL 6 and has some problems with uploading via http using PHP scripts on my server within ASL where anything larger than 2MB will be corrupted somehow. I thought it was an apache/php problem but i had eradicated all. So i am suspecting ASL because i tried several locations outside ASL and had
this problem while there isnt any problem when i try
it on the LAN within ASL and it's not a browser issue.

Thus, i would like to know where is the place likely that ASL will
deny/filter http uploads and also anywhere with regards to packet
fragmentation? I certainly didnt see anything worthy in livelog.

Thanks

This thread was automatically locked due to age.

Parents

0 elnuevopajaro over 19 years ago

I actually saw this in intrusion protection live log:
2006:01:17-02:16:59 (none) snort[21160]: [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING  {PROTO006} 202.156.6.36:30403 -> 192.168.1.6:80
2006:01:17-02:16:59 (none) snort[21160]: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING  {PROTO006} 202.156.6.36:30403 -> 192.168.1.6:80
2006:01:17-02:17:24 (none) snort[21160]: [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY  {PROTO006} 202.156.6.36:30403 -> 192.168.1.6:80 where 192.168.1.6 is the http server in question
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 elnuevopajaro over 19 years ago

I actually saw this in intrusion protection live log:
2006:01:17-02:16:59 (none) snort[21160]: [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING  {PROTO006} 202.156.6.36:30403 -> 192.168.1.6:80
2006:01:17-02:16:59 (none) snort[21160]: [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING  {PROTO006} 202.156.6.36:30403 -> 192.168.1.6:80
2006:01:17-02:17:24 (none) snort[21160]: [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY  {PROTO006} 202.156.6.36:30403 -> 192.168.1.6:80 where 192.168.1.6 is the http server in question
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BarryG over 19 years ago in reply to elnuevopajaro

Well, you can disable that rule in the IPS, if it's set to BLOCK.

Also, the Squid http proxy configuration may not be letting you upload large files.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 elnuevopajaro over 19 years ago in reply to BarryG

Can anyone tell mi where n what are the rules that causes these? I cant find them in intrusion protection even via search string
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 18 years ago in reply to elnuevopajaro

Just found this thread...
FYI,
OVERSIZE REQUEST-URI DIRECTORY cannot be disabled in ASL... and the threshold is 500 bytes (snort's default)

Barry
Cancel
Vote Up 0 Vote Down

Cancel