Gregory Taylor wrote: > Jochem, > > If I sound a little confused by your statement, it's because I am. I'm not using a >Unix box and telnet is turned off on > this server.
I was suggesting you can use a telnet client to connect to port 80 of your webserver and send some malformed request to reproduce it. > My biggest question and I think the error message says it all, is whether someone is >able to "steal" the data. > I don't think so, because it's being dumped before it is returned to the user. It looks like a harmless browser error to me as well. <quote> The presence of a message-body in a request is signaled by the inclusion of a Content-Length or Transfer-Encoding header field in the request's message-headers. </quote> RFC 2616, section 4.3 If a browser breaks this rule, i.e. sends a message body but does not indicate a content-length or transfer-encoding, I suspect you wil get the error you indicated in the CF log. > Any info on creating the "HTML page" you have would help me close or attempt to trap >the suspected user. If you just want to trap the user it is probably easier to match the CF log with the webserver log and get an IP from there. Jochem ______________________________________________________________________ Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
