headers
Tebor Computing | 2 May 01:36

Possible output filter errors?

Hello everyone,

This may not be a Mod Security issue at all, but a small percentage of web clients experience truncated pages which should normally display long lists of database results. Response limit has been raised for the PHP script in our modsec custom rules file. The script functions correctly for 99% of users, and can display over 5000 rows without issue. For the other 1% the following error appears in the Mod Security debug log file:

"Output filter: Error while forwarding response data (54): Connection reset by peer"

When the page truncates, something odd happens. Some extraneous html or javascript code will be displayed to the browser either before or after the database results table. Very odd indeed.

Just to make sure, I recoded the PHP script making it W3C compliant, yet the errors still occur.

Thanks to the Mod Security team,
Todd Tebor
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Permalink | Reply |
headers
Ryan Barnett | 2 May 01:52

Re: Possible output filter errors?

Can you send an audit log of such a transaction?

 

 

From: mod-security-users-bounces <at> lists.sourceforge.net [mailto:mod-security-users-bounces <at> lists.sourceforge.net] On Behalf Of Tebor Computing
Sent: Thursday, May 01, 2008 7:39 PM
To: mod-security-users <at> lists.sourceforge.net
Subject: [mod-security-users] Possible output filter errors?

 

Hello everyone,

This may not be a Mod Security issue at all, but a small percentage of web clients experience truncated pages which should normally display long lists of database results. Response limit has been raised for the PHP script in our modsec custom rules file. The script functions correctly for 99% of users, and can display over 5000 rows without issue. For the other 1% the following error appears in the Mod Security debug log file:

"Output filter: Error while forwarding response data (54): Connection reset by peer"

When the page truncates, something odd happens. Some extraneous html or javascript code will be displayed to the browser either before or after the database results table. Very odd indeed.

Just to make sure, I recoded the PHP script making it W3C compliant, yet the errors still occur.

Thanks to the Mod Security team,
Todd Tebor

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Permalink | Reply |
headers
Ivan Ristic | 2 May 09:21
Picon

Re: Possible output filter errors?

Can you disable ModSecurity for a while to determine if the problem is
related to it or not?

The error message you cite means the remote client went away without
gracefully closing the communication channel. It's a normal condition,
but Apache does not report it. We choose to be vocal about things that
are out of the ordinary. I don't think this is a ModSecurity problem,
but turning it off might be the only way to find out. You can also try
to only disable response buffering.

On Fri, May 2, 2008 at 12:38 AM, Tebor Computing
<todd <at> teborcomputing.com> wrote:
>
>  Hello everyone,
>
>  This may not be a Mod Security issue at all, but a small percentage of web
> clients experience truncated pages which should normally display long lists
> of database results. Response limit has been raised for the PHP script in
> our modsec custom rules file. The script functions correctly for 99% of
> users, and can display over 5000 rows without issue. For the other 1% the
> following error appears in the Mod Security debug log file:
>
>  "Output filter: Error while forwarding response data (54): Connection reset
> by peer"
>
>  When the page truncates, something odd happens. Some extraneous html or
> javascript code will be displayed to the browser either before or after the
> database results table. Very odd indeed.
>
>  Just to make sure, I recoded the PHP script making it W3C compliant, yet
> the errors still occur.
>
>  Thanks to the Mod Security team,
>  Todd Tebor
>
> -------------------------------------------------------------------------
>  This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
>  Don't miss this year's exciting event. There's still time to save $100.
>  Use priority code J8TL2D2.
>
> http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
> _______________________________________________
>  mod-security-users mailing list
>  mod-security-users <at> lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>

--

-- 
Ivan Ristic

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
Permalink | Reply |

Gmane