Hello Scott,
Thank you for posting in the MSDN newsgroup.
From your description, you're using the HttpWebRequest component to send
some http request to some external web resource in your ASP.NET web
application. However, you're always getting the "The server committed a
protocol violation. Section=ResponseStatusLine" error unless you set the
following section in the web.config file:
==========
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
==========
and you're wondering the cause of this behavior ,correct?
As for this issue, I've performed some research on this and found that the
problem is actually caused by the critical http header parsing/validating
of the HttpWebRequest component. According to the Http
Specification(http1.1), the HTTP header keys shoud specifically not include
any spaces in their names. However, some web servers do not fully respect
standards they're meant to. Applications running on the Dotnet framework
and making heavy use of http requests usually use the httpWebRequest class,
which encapsulates everything a web oriented developer could dream of. With
all the recently issues related to security, the "httpWebRequest" class
provides a self protection mechanism preventing it to accept HTTP answers
which not fully qualify to the specifications.
The common case is having a space in the "content-length" header key. The
server actually returns a "content length" key, which, assuming no spaces
are allowed, is considered as an attack vector (HTTP response split
attack), thus, triggering a "HTTP protocol violation error" exception.
And it is possible since the 1.1 SP 1 DotNet version to disable this error
check. Fortunately, DotNet allows you to modify some parameters directly
through a simple text configuration file :). and that's just the setting
you mentioned ealier in your message.
<configuration>
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
</configuration>
Hope this helps clarify this problem some.
Sincerely,
Steven Cheng
Microsoft MSDN Online Support Lead
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.
Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial
response from the community or a Microsoft Support Engineer within 1
business day is
acceptable. Please note that each follow up response may take approximately
2 business days
as the support professional working with you may need further investigation
to reach the
most efficient resolution. The offering is not appropriate for situations
that require
urgent, real-time or phone-based interactions or complex project analysis
and dump analysis
issues. Issues of this nature are best handled working with a dedicated
Microsoft Support
Engineer by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
