| David Wang [Msft] 2005-01-29, 7:47 am |
| When you get 411, it usually means that you sent a POST without sending a
Content-Length (or any other HTTP header indicating expected length of
entity body).
The behavior is by-design and cannot be disabled -- client is sending
invalid HTTP and the server should reject it, according to HTTP spec. IIS5
was far more lenient about HTTP spec and allowed junk requests (including
hacks/vulnerabilities). Proper security practices require that IIS6 crack
down on such violations, without exceptions.
The correct thing is to fix the client code to send correct HTTP. Even
though "it worked before" and there are more clients than servers and it is
highly tempting to implement a "server-side hack" to get things working,
over time, such actions erode the aegis of the HTTP spec -- since non-spec'd
server-side hack is required to work with non-spec'd client-side bug.
--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Steve Pearson" <steve@softwareconstruction.co.uk> wrote in message
news:u76cchsAFHA.208@TK2MSFTNGP12.phx.gbl...
Hope someone can help.
Upgraded server from W2K to W2K3. ASP app running under IIS 6.0.
Clients use XMLHTTPPOST to send data back and forward to asp pages. All IE
clients work fine, however Firefox clients fail.
The web server is returning 411 Length Required. This must be a new check in
IIS 6.0 as it didn't do it in 5.0.
Anyone know how to turn the check off?
Cheers in advance (its doing my head in!)
Steve
|