Characters Displayed in POST Data

I am running a high-traffic SSL site with Apache / mod_wsgi / Python. Very often (about 10 times in 3 months) I saw a few extra garbage characters in the mail data.

Usually it was in the form of an extra char at the end.

 ('access.uid', 'allow\xba')
 ('checksum', 'b219d6a006ebd95691d0d7b468a94510496c5dd8\xff')

Once, though, it was in the middle of some kind of password. Something like:

 ('login_password', 'samplepass\xe7word') 

I tried to restore the request with all the same headers, but I could not repeat the error. Does anyone have any ideas on what might be causing this or any ideas on how I could reproduce and fix this problem?

(Copied from below):
I am using apache-2.2.17_1. - Peter, March 15 at 18:09
I am using mod_wsgi-3.3_1 on one computer and mod_wsgi-2.8_1 on another. I saw this error on both.

+4
4 answers

What version of Apache are you using? From memory, somewhere around Apache 2.2.12-2.2.15, there were various SSL fixes. You might want to make sure that you are using Apache 2.2.15 or later.

+2

What happens if you type eval("u'%s'" % garbled_text)? (It looks like you cannot send sensitive data.)

It seems to me that somewhere it assumes that you are reading ASCII, even if you told it to read UTF-8.

Is it possible to see the Python code that reads the POST data, or where it is specified and which input form it comes from?

0

Since you said that all errors occurred in IE 7 or 8, I begin to suspect that the error occurs on the client side, in the browser. I have never heard of anything like this error, and I do not know what could cause it on the server side, except for a hardware failure (although this seems strange, since only one character is added). Perhaps you should invite your users to switch to a decent browser?

0

This is very similar to chunked HTTP/1.1.

Use the appropriate handler to remove it before parsing. See [1], [2].

Another option is to only accept HTTP/1.0, which does not have chunking at all, but this can have disadvantages.

0
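One way to narrow down where the stray byte enters, as an added example that is not part of the original thread: a WSGI middleware that separates bytes arriving unencoded on the wire from bytes the client itself percent-encoded. It is written for Python 3, the names PostBodyAudit and classify_body are hypothetical, and it assumes the site's forms are submitted as UTF-8.

```python
import io
import logging
import re
from urllib.parse import unquote_to_bytes

log = logging.getLogger("post_body_audit")

# A form-urlencoded body is printable ASCII on the wire; anything else is damage.
_ILLEGAL = re.compile(rb"[^\x21-\x7e]")


def classify_body(raw, declared_length):
    """Return findings for one raw application/x-www-form-urlencoded body."""
    findings = []
    if declared_length != len(raw):
        findings.append("length-mismatch")
    if _ILLEGAL.search(raw):
        findings.append("raw-byte")          # stray byte arrived unencoded
    else:
        try:
            # Assumption: the site's forms are submitted as UTF-8.
            unquote_to_bytes(raw.replace(b"+", b" ")).decode("utf-8")
        except UnicodeDecodeError:
            findings.append("escaped-byte")  # the client percent-encoded it
    return findings


class PostBodyAudit:
    """WSGI middleware (hypothetical name) that logs suspicious form bodies."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        ctype = environ.get("CONTENT_TYPE", "")
        declared = environ.get("CONTENT_LENGTH", "")
        # Requests without Content-Length (chunked) are passed through untouched.
        if (environ.get("REQUEST_METHOD") == "POST" and declared.isdigit()
                and ctype.startswith("application/x-www-form-urlencoded")):
            raw = environ["wsgi.input"].read(int(declared))
            findings = classify_body(raw, int(declared))
            if findings:
                # Log offsets and metadata only, never field values (passwords).
                offsets = [m.start() for m in _ILLEGAL.finditer(raw)]
                log.warning("odd POST body %s offsets=%s read=%d declared=%d ua=%r",
                            findings, offsets, len(raw), declared and int(declared),
                            environ.get("HTTP_USER_AGENT"))
            environ["wsgi.input"] = io.BytesIO(raw)  # hand the body back intact
        return self.app(environ, start_response)
```

A raw-byte finding means the byte was not produced by normal form encoding, while escaped-byte means the client encoded it before sending; the logged offsets and user agent give something concrete to correlate across occurrences.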

Source: https://habr.com/ru/post/1343819/

