Problem with Half-SSL...
|
Mar. 23, 2009, 05:03 PM
Post: #16
|
|||
|
|||
RE: Problem with Half-SSL...
(Mar. 23, 2009 02:27 PM)ProxRocks Wrote: malware warnings are becoming a bit of a "boy that cried wolf"... There were 2 warnings before, now there's only 1 |
|||
Mar. 23, 2009, 05:24 PM
(This post was last modified: Mar. 23, 2009 05:26 PM by ProxRocks.)
Post: #17
|
|||
|
|||
RE: Problem with Half-SSL...
interesting...
i was having second thoughts in regards to posting them "as" half-ssl anyway - any of us doing the debugging, our configs would have converted them for us anyway... not sure where that second warning could be coming from... other than having "financial" login links on a "non-financial" website... or that actual login links usually aren't linked to "directly" even via financial websites, the "home" is linked, the user clicks "log in" from there... |
|||
Mar. 23, 2009, 05:40 PM
Post: #18
|
|||
|
|||
RE: Problem with Half-SSL...
Yep! No more warnings now, I disabled access before and send the quarantined file to Avira stating a FP, Avira just updated, and now, no more warnings !
|
|||
Mar. 23, 2009, 06:04 PM
Post: #19
|
|||
|
|||
RE: Problem with Half-SSL...
does Avira have a forum explaining "why" it might have been flagged in the first place?
the no-more-now could actually be because we've rolled over to page two for this thread and the false positive is on page one... |
|||
Mar. 23, 2009, 06:50 PM
(This post was last modified: Mar. 23, 2009 06:51 PM by Toppy.)
Post: #20
|
|||
|
|||
RE: Problem with Half-SSL...
ProxRocks,
No, I was smart enough to force-reload the first page of this thead Avira has a forum but there's no info to my knowledge to gather about the what's and why's, and also F/P reporting is a terrible pain in the (0), they're still near the top of the list regarding FP's, but this problem they've taken quite serious. |
|||
Mar. 23, 2009, 09:06 PM
Post: #21
|
|||
|
|||
RE: Problem with Half-SSL...
(Mar. 22, 2009 11:12 PM)lnminente Wrote: Hi Sidki, analizying your code i saw a ";" before the secure, i didn't test it but if i'm not wrong when secure is in first place it wouldn't match. Just to let you know, in other filters you used (\#(; )\0|) If you place a supplemental field first, you'll break the cookie. I've just re-checked, the user-agent is naming the cookie after the first field. |
|||
Apr. 02, 2009, 08:32 PM
Post: #22
|
|||
|
|||
RE: Problem with Half-SSL...
Removing "TEST" flag from discussed filter...
|
|||
Apr. 07, 2009, 02:27 AM
Post: #23
|
|||
|
|||
RE: Problem with Half-SSL...
i've stumbled upon another Half-SSL glitch...
the Message Log window has this line at where the login process seems to fail via Half-SSL but logs in successfully without Half-SSL... Code: Location: https://mfasa.chase.com/auth/auth-stoken-osl.html?auth_redirecturl= https%3A%2F%2Fchaseonline.chase.com%2FSecure%2FOSL.aspx %3Fnewstoken%3Dfalse%26LOB%3DCOLLogon%26 Referer%3Dhttps%253A%252F%252Fchaseonline.chase.com%252FLogon.aspx %26resId%3Dsuccess%26& |
|||
Apr. 07, 2009, 03:00 AM
Post: #24
|
|||
|
|||
RE: Problem with Half-SSL...
There's nothing i could tell from this header, except that its value - when pasted into the test window - is matched by "Location: 5 Half-SSL".
|
|||
Apr. 07, 2009, 10:00 AM
Post: #25
|
|||
|
|||
RE: Problem with Half-SSL...
two questions -
1) is the "Location: 5 Half-SSL" filter supposed to be doing anything with the Secure wording contained within the "redirecturl=" ? 2) is there supposed to be a trailing & at the very end of the posted line ? |
|||
Apr. 07, 2009, 10:32 AM
Post: #26
|
|||
|
|||
RE: Problem with Half-SSL...
1) No. Here "Secure" is part of a path name, not a cookie token, as with the previous problem.
2) No. However, server side scripts usually ignore it. |
|||
Apr. 07, 2009, 05:11 PM
Post: #27
|
|||
|
|||
RE: Problem with Half-SSL...
how 'bout this, is this the culprit?
should the https:// URL in this screen-cap be "prefixed" with http://https-px-. when Half-SSL is enabled? |
|||
Apr. 07, 2009, 05:28 PM
Post: #28
|
|||
|
|||
RE: Problem with Half-SSL...
That can't be the problem either. Proxomitron is passing the real URL to the script here, to keep it in sync with the filters.
(Compare source with e.g. half-sll'ed https://bugzilla.mozilla.org/ .) |
|||
Apr. 07, 2009, 05:40 PM
Post: #29
|
|||
|
|||
RE: Problem with Half-SSL...
hmmm... i'll keep digging...
ps - it's not an IE8 thing, Opera and 'fox are also both "backing out" of half-ssl... shovel, shovel... dig, dig... |
|||
Apr. 10, 2009, 01:36 PM
Post: #30
|
|||
|
|||
RE: Problem with Half-SSL...
eureka! found it... (i think...)
in regards to this filter, Set-Cookie: 7 Strip "Secure" if Half-SSL 9.03.14 (cch!) [sd] (d.1) (In), does it have, or any header filter, for that matter, does it have a "character limit" ? i have a "; secure" that is NOT being stripped... here's the set-cookie log-line: Code: set-cookie: SMSESSION=+qNnFhO437GNgIAbdCaXT8X8V0hIFQ1KTrAlUuDVgChhN4ePA the question is this - is it that HUGE smsession string that's preventing the tail-end secure from being stripped ? |
|||
« Next Oldest | Next Newest »
|