Apache web server sending 400 response - apache

We have configured NTLM authentication using SSPI on apache due to which the authentication is three steps, where there are two 401 responses followed by 201/200 response.
Now in IE browser, this breaks because of - Why "Content-Length: 0" in POST requests?
Apache web server sends a 400 bad request response due to empty post request due to which POST on the server breaks.
How can I configure Apache to not treat this as 400 BAD request and process it normally?

Related

Strange case of HTTP headers: If-Modified-Since and If-None-Match

As part of a test application, I'm making HTTP requests to webpages. On receiving a response, I save the current date/time (GMT) and ETag header for subsequent requests. However, for some strange reason, some host servers are not validating the If-Modified-Since and If-None-Match headers on subsequent requests.
One such example is this webpage: www.foxsports.com/nba/cleveland-cavaliers-team-news (running Apache). It always returns the full body with a 200-Ok HTTP status, when a 304-NotModified status is expected, hence ignoring the If-Modified-Since and If-None-Match headers sent in the request. I tested it using curl and online Hurl.
Any ideas why the sent request headers are not validated by some host servers?

How to get Casperjs to work with Windows authentication

We need to test a site that require windows authentication. We have tried to automate it using Casperjs, but we kept on getting a 401.
We found that others had similar issue based on the following discussion . However, the discussion was closed with no real solutions.
Someone in that discussion noted that he/she used page.customHeader with additional workarounds, but no real steps were provided on how to get this to work.
We also tried updating url to http://username:passowrd#domain.com pattern & even that did not helped.
See Fiddler's sample response when i tried this in the
GET / HTTP/1.1
Host: host
HTTP/1.1 401 Access Denied
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
GET / HTTP/1.1
Host: host
Authorization: NTLM TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAAAB=
HTTP/1.1 401 Access Denied
WWW-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADAAAAAFgoGgCY6qiih5j bAAAAAAAAAAAH4AfgA8AAAAUABPAFIAVAA4ADAAAgAMAFAATwBSAFQA OAAwAAEACgBKAEwASQBNAEEABAAkAH
Actually there was a good workaround sugguested in issue discussion on PhantomJS github. You could use a local NTLM proxy and connect to it via CasperJS like so:
casperjs --proxy=localhost:3133 --ignore-ssl-error=true --ssl-protocol=any script.js

How do I fragment the http request to one or more requests using mod_proxy?

I want to fragment one http requestto one or more http requests using apache proxy(i.e mod_proxy or hooking http get request message.
For example,
Client sends the http Get request with Content-Range : 0 - 4096bytes
Apache proxy server receives the this request message
Proxy sends the 2 http Get request messages with each Content-Range header
one HTTP Get Request message Content-Range : 0 - 2047
another HTTP Get Request message Content-Range : 2048 - 4096
Is it possibe to divide one request message to one or more request messages changing the content-range header value?
I don't believe there is any way with Apache to split a request on the byte level and then send part of it to one place and then part of it to another. Specifically because the breaking the request apart can well... break the request.
Also, the receiving end would now need to piece the split request back together or the proxy would have to do it.

NTLM-authenticaion fails but Basic authentication works

Here's what happens on the local server when application invokes HTTP request on local IIS.
request.Credentials = CredentialCache.DefaultNetworkCredentials;
request.PreAuthenticate = true;
request.KeepAlive = true;
When I execute the request, I can see the following series of HTTP calls in Fiddler:
Request without authorization header, results in 401 with WWW-Authenticate NTLM+Negotiate
Request with Authorization: Negotiate (Base64 string 1), results in 401 with WWW-Authenticate: Negotiate (Base64 string 2)
Request with Authorization: Negotiate (Base64 string 3), results in 401 with WWW-Authenticate: Negotiate (Base64 string 4)
Request with Authorization: Negotiate (Base64 string 3), results in 401 with WWW-Authenticate NTLM+Negotiate
Apparently the client and the server (both running on the same machine) are trying to handshake, but in the end authorization fails.
What is strange is that if I disable Windows authentication of the site and enable Basic authentication and send user/pwd explicitly, it all works. It also works if I use NTLM authentication and try to access the site from the browser specifying my credentials.
Well, after several hours of struggling I figured what the problem was. In order to be able to inspect network traffic in Fiddler I defined a Fiddler rule:
if (oSession.HostnameIs("MYAPP")) { oSession.host = "127.0.0.1"; }
Then I used "MYAPP" instead of "localhost" in the Web app reference, and Fiddler happily displayed all session information.
But server security was far less happy, so this alias basically broke challenge-response authentication on the local server. Once I replaced the alias with "localhost", it all worked.

Do 502 errors have any impact on website rankings?

502 = bad gateway (php-fpm problems, etc.)
Does googlebot consider them 503? (503 = server overloaded & try again later)
google supports HTTP 502
http://www.google.com/support/webmasters/bin/answer.py?answer=40132
and treats them as
502 (Bad gateway)
The server was acting as a gateway or proxy and received an invalid
response from the upstream server.
in my experience google treats 502 as downtime and stops hammering your server for some (short) time.