https://stackoverflow.com/questions/13643368
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianSadly there's nothing to do on the client side (customer/phone/browser), but there are some possible scenarios to get an approach to a solution. If you're web developer (VASP side), you need to take care about the URL/URI size in order to prevent that POST needs more than one packet. If you're the web server manager (VASP/Telco side), you can define that multiple values are going to be accepted for these specific headers (when equal).in this scenario you need to be aware that you gonna put your server under risk of HTTP response splitting attack. If you're the proxy admin (Telco side), you can tune your GW to discard the extra header instead of merging them into one header containing multiple values but, in this scenario you need to be aware that you gonna be out of RFC recomendations.
Multiple values seen in http request header when connecting over GPRS / WAP
-
03-12-2021 - |
Question
When I make a request to web service over wifi everything is working well but the same when made on GPRS having WAP connection (I did not in anyway force the connection to be WAP, this might be carrier dependent. Testing done in Argentina) the server is receiving duplicate values in both Content-Type & Content-Length.
Below is the same request logged on server first over WiFi and second over GPRS.
Over WiFi:
POST /ODP/Services.asmx HTTP/1.1
User-Agent: kSOAP/2.0
SOAPAction: http://temphost.org/RetrieveConfiguration
Content-Type: text/xml
Connection: close
Content-Length: 464
Host: temp.host.com
Accept-Encoding: gzip
Over GPRS:
POST /ODP/Services.asmx HTTP/1.1
Accept-Encoding: deflate, gzip, identity
Content-Length: 464, 464
Content-Type: text/xml, text/xml
Host: temp.host.com
SOAPAction: http://temphost.org/RetrieveConfiguration
User-Agent: kSOAP/2.0
X-WAP-WTLSEncryptiontype: NONE
X-WAP-Bearerinfo: W-HTTPS=FALSE, bearertype=0
Via: W-HTTP/1.1 wgw-fe6 EMIG 5.1
x-msisdn: <User Phone number>
x-up-calling-line-id: <User Phone number>
x-technology-stack: Unknown
TE: trailers
Connection: TE
I am not able to understand how and where the multiple values are being added in the request for the Content-Type & Content-Length headers.
Can somebody enlighten me what is wrong with the WAP connection or is it being added at the carrier end while modifying the request to WAP.
Solution
OTHER TIPS
If because of its extension a POST is truncated and requires more than one packet, content-length and content-type fields are duplicated.
WGW resolves this situation by merging them into one header containing multiple values comma separated, the problem is that this header containing multiple values generates HTTP 411 error code.
Based in latest RFC drafts, this traffic must be discarded with error code 502 but some workaround intended to remove one of the header instead of merging them in order to keep this transactions in progress is possible.
