
Why do I get "The server committed a protocol violation"?

I have an application that is making an HTTP request with
HttpWebRequest.GetRequest. Unless I set 'httpWebRequest
useUnsafeHeaderParsing="true"' in the web.config, I get a
'The server committed a protocol violation. Section=ResponseStatusLine' error.

Here is an example of the session that generates the error:

--- snip ---
GET <someURL> HTTP/1.0

Host: <host>:<port>

Connection: Keep-Alive

HTTP/1.0 200 OK
Server: III 100
MIME-version: 1.0
Date: Tue, 13 Jan 1970 21:58:08 GMT
Expires: Wed, 19 Jul 2006 16:07:48 GMT
Content-Type: text/html; charset=UTF-8

<HTML><BODY>
RETCOD=0<BR>
</BODY></HTML>
--- snip ---

What is it about those headers in the HTTP response that is unsafe? Is it
the wacky date, or something more subtle?
Jul 18 '06 #1
3 Replies



Hello Scott,

Thank you for posting in the MSDN newsgroup.

From your description, you're using the HttpWebRequest component to send
some http request to some external web resource in your ASP.NET web
application. However, you're always getting the "The server committed a
protocol violation. Section=ResponseStatusLine" error unless you set the
following section in the web.config file:

==========
<system.net>
  <settings>
    <httpWebRequest useUnsafeHeaderParsing="true" />
  </settings>
</system.net>
==========

and you're wondering about the cause of this behavior, correct?

As for this issue, I've performed some research on this and found that the
problem is actually caused by the critical HTTP header parsing/validating
of the HttpWebRequest component. According to the HTTP
specification (HTTP 1.1), the HTTP header keys should specifically not include
any spaces in their names. However, some web servers do not fully respect
the standards they're meant to. Applications running on the Dotnet framework
and making heavy use of HTTP requests usually use the httpWebRequest class,
which encapsulates everything a web oriented developer could dream of. With
all the recent issues related to security, the "httpWebRequest" class
provides a self-protection mechanism preventing it from accepting HTTP answers
which do not fully conform to the specifications.

The common case is having a space in the "content-length" header key. The
server actually returns a "content length" key, which, assuming no spaces
are allowed, is considered as an attack vector (HTTP response split
attack), thus triggering a "HTTP protocol violation error" exception.
It has been possible since the 1.1 SP 1 DotNet version to disable this error
check. Fortunately, DotNet allows you to modify some parameters directly
through a simple text configuration file :), and that's just the setting
you mentioned earlier in your message.

<configuration>
  <system.net>
    <settings>
      <httpWebRequest useUnsafeHeaderParsing="true" />
    </settings>
  </system.net>
</configuration>

Hope this helps clarify this problem some.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.

Jul 19 '06 #2
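
As an added illustration of the strict header validation described in the answer above (not code from the thread, and not .NET's actual implementation), this Python checker lists what an RFC 7230-style strict parser objects to in a response head. It goes beyond the "content length" case to also cover bare-LF line endings and a malformed status line; the function name and all sample responses are constructed for this example.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3} [^\r\n]*$")


def strict_header_findings(raw):
    """Return the reasons a strict parser could reject this response head."""
    findings = []
    for n, line in enumerate(raw.split(b"\n"), 1):
        if line in (b"", b"\r"):
            break  # blank line: end of the header block, body follows
        if not line.endswith(b"\r"):
            findings.append(f"line {n}: terminated by bare LF, not CRLF")
        line = line.rstrip(b"\r")
        if n == 1:
            if not STATUS_LINE.match(line):
                findings.append("line 1: malformed status line")
            continue
        if line[:1] in (b" ", b"\t"):
            findings.append(f"line {n}: obsolete folded continuation line")
            continue
        name, sep, _value = line.partition(b":")
        if not sep:
            findings.append(f"line {n}: no colon in header line")
        elif not TOKEN.match(name):
            # Catches "Content Length" and "Content-Length :" alike.
            findings.append(f"line {n}: invalid header name {name!r}")
    return findings


# Constructed samples (not captured traffic).
WELL_FORMED = (b"HTTP/1.0 200 OK\r\nServer: III 100\r\n"
               b"Content-Type: text/html; charset=UTF-8\r\n\r\n<HTML></HTML>")
SPACE_IN_NAME = b"HTTP/1.0 200 OK\r\nContent Length: 42\r\n\r\n"
SPACE_BEFORE_COLON = b"HTTP/1.0 200 OK\r\nContent-Length : 42\r\n\r\n"
BARE_LF = b"HTTP/1.0 200 OK\nServer: III 100\n\n"

if __name__ == "__main__":
    for label, sample in [("well-formed", WELL_FORMED),
                          ("space in name", SPACE_IN_NAME),
                          ("space before colon", SPACE_BEFORE_COLON),
                          ("bare LF", BARE_LF)]:
        print(label, "->", strict_header_findings(sample) or "accepted")
```

Running a check like this over a raw capture of the server's response shows which specific deviation is present before deciding whether relaxing the client's parsing is acceptable.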

Hello Scott,

I just forgot to mention that if you're developing under .NET Framework 2.0,
you can utilize the new Network Tracing feature to trace the processing in
those network components such as the classes in the System.Net namespace. This
would be helpful for intercepting the network components' communication:
#How to: Configure Network Tracing
http://msdn2.microsoft.com/en-us/library/ty48b824.aspx

#Interpreting Network Tracing
http://msdn2.microsoft.com/en-us/library/46fcs6sz.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Jul 19 '06 #4
