
HTTP Trailers are removed by Web Protocol protection



Currently ESET is rewriting body chunks and removing trailers with HTTP Transfer-Encoding:chunked.

HTTP Server sends:

HTTP/1.1 200 OK
Trailer: Server-Trailer-C
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked

d
Hello, World!
D
Hello, World!
0
Server-Trailer-C: XYZ

With Web Protocols > Enable HTTP Protocol checking enabled, the client reads this response:

HTTP/1.1 200 OK
Trailer: Server-Trailer-C
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked

1a
Hello, World!Hello, World!
0

With HTTP Protocol checking disabled, it reads the exact response as written by the Server.

Excluding the server from being checked/handled in "URL Address management" did not work either.

Web Protection should not rewrite the body nor remove the trailers, unless there is a good reason. If there is a good reason, there should be a way to disable it for a particular server, because currently the only way is to disable the HTTP Protocol checking completely. This behavior is making Go compiler net/http tests fail when you have ESET installed.

To reproduce the issue, here is a minimal standalone program:

Probably related issue: 

 

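An offline check for the difference described in the post above, added here as an example (it is not the poster's reproduction program, nor ESET or Go project code): it parses the two raw responses quoted in the post and reports each chunk's size, the trailers received, and any trailer announced in the Trailer header but never sent. CRLF line endings are assumed, and `ParseChunked`, `Sent`, `Read` and `head` are names chosen for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"net/textproto"
	"strconv"
	"strings"
)

// The two responses quoted in the post, with CRLF line endings restored.
const head = "HTTP/1.1 200 OK\r\nTrailer: Server-Trailer-C\r\nContent-Type: text/plain; charset=utf-8\r\nTransfer-Encoding: chunked\r\n\r\n"
const Sent = head + "d\r\nHello, World!\r\nD\r\nHello, World!\r\n0\r\nServer-Trailer-C: XYZ\r\n\r\n"
const Read = head + "1a\r\nHello, World!Hello, World!\r\n0\r\n\r\n"

// ParseChunked returns chunk sizes, received trailers, and trailers announced but never sent.
func ParseChunked(raw string) (chunks []uint64, got textproto.MIMEHeader, missing []string, err error) {
	tp := textproto.NewReader(bufio.NewReader(strings.NewReader(raw)))
	if _, err = tp.ReadLine(); err != nil { // status line
		return
	}
	hdr, err := tp.ReadMIMEHeader()
	for n := uint64(1); err == nil && n != 0; { // stops at the zero-size chunk
		var line string
		if line, err = tp.ReadLine(); err != nil {
			return
		}
		size, _, _ := strings.Cut(line, ";") // drop any chunk extension
		if n, err = strconv.ParseUint(strings.TrimSpace(size), 16, 30); err == nil && n > 0 {
			chunks = append(chunks, n)
			_, err = tp.R.Discard(int(n) + 2) // chunk data plus its CRLF
		}
	}
	if err != nil {
		return
	}
	got, err = tp.ReadMIMEHeader() // trailer section after the zero-size chunk
	for _, name := range strings.Split(hdr.Get("Trailer"), ",") {
		name = textproto.CanonicalMIMEHeaderKey(strings.TrimSpace(name))
		if _, ok := got[name]; name != "" && !ok {
			missing = append(missing, name)
		}
	}
	return
}

func main() {
	fmt.Println(ParseChunked(Sent))
	fmt.Println(ParseChunked(Read))
}
```

To compare against a live server, pass it bytes captured from a raw TCP read, since an HTTP client library hides the chunk boundaries.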

  • ESET Moderators

Hello Egon,

thank you for reporting it and the PoC as well, we will check it here.

The exclusions work, but you have to specify the domain including the wildcards like *.domain.com/*

Regards, P.R.


I have tried all of these without any success:

localhost
*localhost*
127.0.0.1
*127.0.0.1*
*127.0.0.1/*
*127.0.0.1:10000*
*127.0.0.1:10000/*

 


  • ESET Moderators

Hello @Egon,

thank you once again for reporting this issue.

It should be fixed in the next Internet protection module (distributed automatically along with other module updates); the expected version of the Internet protection module with this fix is 1319.

Regards, P.R.


Thanks, it seems to be working now.

Although, internet protection module is still at 1315, maybe it was also in Network module 1555, that's the only one that was recently updated... regardless, it works, so I'm happy :D
