On Thu, 2007-06-28 at 17:31 -0500, Dallas Engelken wrote:
> This must be an issue that needs to be raised with Prolexic, as they are
> doing the DDoS protection for rulesemporium.com.
>
> Can anyone reproduce this redirect outside of RDJ, and give me a dump of
> the full transaction including http headers?

Dallas,

By running a curl hit repeatedly on the RE server I reproduced the problem.
The cmd sent was:

    curl -w %{http_code} --compressed -D /tmp/curl_headers -O -R -s -S http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf

The headers sent back were as follows:

    HTTP/1.0 200 OK
    Connection: Close
    Pragma: no-cache
    cache-control: no-cache
    Content-Type: text/html; charset=iso-8859-1

The page body returned was:

    <HTML><HEAD><META HTTP-EQUIV="Refresh" CONTENT="0.1">
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    <META HTTP-EQUIV="Expires" CONTENT="-1">
    </HEAD></HTML>

A normal fetch of the actual .cf file returns these headers:

    HTTP/1.1 200 OK
    Age: 882
    Date: Thu, 28 Jun 2007 22:41:08 GMT
    Connection: Keep-Alive
    Via: NS-CACHE-7.0: 1
    ETag: "389f7-dbae-eb58c6c0"
    Server: Apache/2.0.54 (Gentoo/Linux) DAV/2 SVN/1.2.0 PHP/4.3.11
    Last-Modified: Thu, 02 Jun 2005 00:00:03 GMT
    Accept-Ranges: bytes
    Content-Length: 56238
    Keep-Alive: timeout=15, max=99
    Content-Type: text/plain; charset=ISO-8859-1

> I'd rather fix the actual problem and not patch around it.

Absolutely!!

-- 
Lindsay Haisley       | "In an open world,  | PGP public key
FMP Computer Services |  who needs Windows  | available at
512-259-1190          |  or Gates"          | http://pubkeys.fmp.com
http://www.fmp.com    |                     |
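
An added example, not part of the original message and not RDJ's own code: a shell check that tells the refresh placeholder apart from a real rules file, using the header dump written by `curl -D` and the saved body. The function names `is_rules_file` and `make_samples` are hypothetical, the sample body for the good case is constructed, and requiring `text/plain` is an assumption based on the normal fetch shown above.

```shell
#!/bin/sh
# Added example. Usage: is_rules_file HEADER_DUMP BODY_FILE
# Returns 0 only if the fetch looks like a rules file, not the refresh page.
is_rules_file() {
    hdr=$1; body=$2
    # Take Content-Type from the last response in the dump; header names are
    # case-insensitive (the placeholder response sends "cache-control").
    ctype=$(tr -d '\r' < "$hdr" | awk '
        /^HTTP\//                      { ct = "" }
        tolower($0) ~ /^content-type:/ { sub(/^[^:]*:[ \t]*/, ""); ct = tolower($0) }
        END                            { print ct }')
    case $ctype in
        text/plain*) ;;   # assumption: matches the normal fetch shown above
        *) echo "reject: Content-Type '$ctype'" >&2; return 1 ;;
    esac
    # Only the first non-blank line is checked: rules may legitimately contain
    # HTML fragments inside patterns further down the file.
    first=$(tr -d '\r' < "$body" |
        awk 'NF { sub(/^[ \t]+/, ""); print tolower($0); exit }')
    case $first in
        '<html'*|'<!doctype'*|*'http-equiv="refresh"'*)
            echo "reject: body is an HTML page" >&2; return 1 ;;
    esac
    [ -n "$first" ] || { echo "reject: empty body" >&2; return 1; }
    return 0
}

# Constructed samples: header lines are taken from the message above
# (good.hdr abridged); good.body is a made-up stand-in for a .cf file.
make_samples() {
    printf '%s\r\n' 'HTTP/1.0 200 OK' 'Connection: Close' 'Pragma: no-cache' \
        'cache-control: no-cache' \
        'Content-Type: text/html; charset=iso-8859-1' '' > "$1/bad.hdr"
    printf '%s\n' '<HTML><HEAD><META HTTP-EQUIV="Refresh" CONTENT="0.1">' \
        '</HEAD></HTML>' > "$1/bad.body"
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'Via: NS-CACHE-7.0: 1' \
        'Content-Length: 56238' \
        'Content-Type: text/plain; charset=ISO-8859-1' '' > "$1/good.hdr"
    printf '%s\n' '# constructed rule' 'body CONSTRUCTED_RULE /example/' \
        > "$1/good.body"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for s in bad good; do
    if is_rules_file "$tmp/$s.hdr" "$tmp/$s.body" 2>/dev/null
    then echo "$s: install"; else echo "$s: keep the existing copy"; fi
done
rm -rf "$tmp"
```

The `%{http_code}` value alone cannot separate the two cases, since both responses are 200; Content-Length is not compared because with `--compressed` it may describe the encoded size.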