Security Incidents mailing list archives

Re: AOL "proxy" behavior?


From: Mike Arnold <mike () midkaemia fsnet co uk>
Date: Mon, 19 Aug 2002 22:18:02 +0100

On Monday 19 Aug 2002 8:32 pm, Michael  B. Morell wrote:
> I was wondering if anyone can verify a pattern that I just came across.

Maybe - read on!

> So my question is, does anyone know whether or not that this is some sort
> of valid AOL proxy behavior where a request for a single page can go thru
> multiple proxies?  Spawning multiple proxies to request information that
> generally only 1 proxy would get.  (ie, a request for a web page resulted
> in 3 different hosts getting different parts of the page, all off of the
> same aspsession id)

1 question: How do you know they got different parts of the page?

OK. I never like to make assumptions, but I will make one here. I am assuming 
you are answering requests to http:// and NOT https:// where you see this 
problem.

We have seen a very similar problem from both AOL proxy servers and Freeserve 
proxy servers. Basically the proxy is either misconfigured or just plain 
broken and actually caches HTTP headers as well as page content. We saw it 
for a session cookie, not the asp session, but one of our own, and it 
resulted in some application confusion to say the least. Don't know if this 
is the case now or not.

The problem was when a session went https:// -> http:// -> https://. If 2 
people followed this path, then the second had picked up the cookie of the 
first when returning to https://.

Our fix was simple. We removed the http:// links within the same domain and 
made them https://. Shouldn't have been there anyway. Not sure how you would 
fix it for simple http:// requests though. The cookie will probably be being 
spread across the different proxies by load balancing if that is the case. 
Can't explain why they would be sequential though unless they had all logged 
on at the same time and come to view your site at the same time.

Don't know if that answers it, but that's what we saw!

Mike

--

 "In their capacity as a tool, computers will be but a ripple on the 
   surface of our culture. In their capacity as intellectual challenge, 
   they are without precedent in the cultural history of mankind." 
        Edsger Wybe Dijkstra on Computers

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
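The failure mode Mike describes, a shared proxy storing a response whose Set-Cookie header is then replayed to the next user, can be checked for from the server side. This added example is not from the original thread: it parses a constructed HTTP response and reports the header conditions under which a shared cache may store it, and shows the standard HTTP remedies (Cache-Control: private/no-store plus the Secure cookie attribute) as an assumed alternative to the fix the post used, which was removing the http:// links.

```python
# Added example, not code from the original post. Constructed responses below.
SESSIONID_BROKEN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: SESSIONID=abc123; path=/\r\n"          # constructed value
    "\r\n<html>welcome back</html>"
)
SESSIONID_FIXED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Cache-Control: private, no-store\r\n"
    "Set-Cookie: SESSIONID=abc123; path=/; Secure; HttpOnly\r\n"
    "\r\n<html>welcome back</html>"
)

def parse_response(raw: str):
    """Split a raw HTTP/1.x response into its status line and a header map.
    Names are lower-cased; values are kept in a list so repeated Set-Cookie
    headers are not lost."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers

def cache_directives(headers) -> set:
    """Collect Cache-Control directive names (e.g. 'max-age=0' -> 'max-age')."""
    tokens = []
    for value in headers.get("cache-control", []):
        tokens += [t.strip().split("=")[0].lower() for t in value.split(",") if t.strip()]
    return set(tokens)

def shared_cache_risks(raw: str, over_tls: bool) -> list:
    """Return the reasons a shared (proxy) cache could store this response and
    hand its cookie to another client. An empty list means no finding."""
    _, headers = parse_response(raw)
    cookies = headers.get("set-cookie", [])
    if not cookies:
        return []
    findings = []
    cc = cache_directives(headers)
    # A 200 response is storable by a shared cache unless the server says
    # otherwise; 'private' or 'no-store' keeps a per-user Set-Cookie out of it.
    if not cc & {"private", "no-store"}:
        findings.append("Set-Cookie response is storable by a shared cache "
                        "(no Cache-Control: private/no-store)")
    if "public" in cc:
        findings.append("Cache-Control: public explicitly permits shared caching")
    for cookie in cookies:
        name = cookie.split("=", 1)[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        # Without Secure the cookie also rides the http:// hop of the
        # https -> http -> https path in the post, where a plain proxy sees it.
        if over_tls and "secure" not in attrs:
            findings.append(f"cookie {name!r} set over TLS lacks the Secure attribute")
    return findings
```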

