团队测试:失败的负载.请求失败:服务器违反了协议.Section = ResponseHeader Detail = CR必须跟随LF [英] Team test: Failing load. Request failed: The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF
问题描述
质量检查部门的人员使用Visual Studio团队测试(2008 IIRC)对我们的Web应用程序进行负载测试.
The folk in the QA department use visual studio team test (2008 IIRC) to run load tests against our web application.
最新的一组测试在几页上均未通过.报告的错误是
The latest set of tests have failed on several pages. The error reported is
请求失败:服务器违反了协议.Section = ResponseHeader Detail = CR后必须加上LF
使用google搜索此功能会产生很多结果.似乎该错误消息是从.Net框架WebRequest类生成的(即,它不是Visual Studio特定的消息).最有用的结果是此,其中详细说明了我的确切问题以及如何抑制该错误.
Searching for this using google yields quite a few results. it would appear that this error message is generated from the .Net framework WebRequest class (i.e. it is not a visual studio specific message). The most useful result is this one, which details my exact problem and how to suppress the error.
但是,当然,我想深入了解为什么首先发生此错误.以下是更多事实:-
But of course, I want to get to the bottom of why this error occurs in the first place. Here are some more facts: -
- 针对旧版Web应用程序运行测试时,从未发生此错误.网络应用程序.两种情况下,主机操作系统和Web服务器(Win 2003和IIS 6)都是相同的.
- 并非所有页面都会产生此错误-只有一些页面.
- 这些页面(我能想到的)的唯一重要变化是,它们现在使用了一些AJAX,而以前却没有使用(IIRC)
为了缩小问题的范围,我创建了可以复制问题的最简单的页面.幸运的是,这并不难.然后,我使用Fiddler检查了标头中的字节,但是我找不到出现的CR(0x0D),其后没有LF(0x0A).
In order to narrow down the problem, I created the simplest page that I could to replicate the problem. Luckily, that was not too hard. I then inspected the bytes in the header using Fiddler but I could not find an occurrence of a CR (0x0D) that was not followed by a LF (0x0A).
原始HTTP响应(由Fiddler通过响应保存字节从Fiddler存储-因此在保存期间不应更改其编码)为
The raw HTTP response (as stored from Fiddler by response saving bytes - so its encoding should not have been altered during the save) is here as text if you don't believe me!
所以现在我离开了,以为所假定的错误可能是错误的警报.有没有其他人对此有经验/可以帮助阐明?
So now I am left thinking that the supposed error might be a false alarm. Does anyone else have experience of this/can help shed light?
推荐答案
这绝对不是错误的警报-在尝试与Facebook API通信时,我的应用程序中经常出现此错误.
This is definitely not a false alarm - I've been getting this error in my app a lot while trying to communicate with Facebook API.
I've just stumbled upon this response from Steven Cheng - http://www.velocityreviews.com/forums/t302174-why-do-i-get-the-server-committed-a-protocol-violation.html - and let me quote him:
根据您的描述,您正在使用要发送的 HttpWebRequest 组件一些HTTP请求到一些外部网站ASP.NET网站中的资源应用.但是,你总是得到服务器提交了一个违反协议.Section = ResponseStatusLine错误除非您设置以下部分在web.config文件中:
From your description, you're using the HttpWebRequest component to send some http request to some external web resource in your ASP.NET web application. However, you're always getting the "The server committed a protocol violation. Section=ResponseStatusLine" error unless you set the following section in the web.config file:
<system.net>
<settings>
<httpWebRequest useUnsafeHeaderParsing="true" />
</settings>
</system.net>
您是否想知道这种行为的原因,对吗?
And you're wondering the cause of this behavior, correct?
对于这个问题,我已经做了一些对此进行研究,发现问题实际上是由关键的HTTP标头解析/验证HttpWebRequest组件.根据Http规范(http1.1),HTTP标头密钥应特别注意名称中不能包含任何空格.但是,某些Web服务器不能完全尊重他们要遵守的标准.在Dotnet上运行的应用程序框架和大量使用http请求通常使用httpWebRequest类,其中封装面向Web的所有内容开发人员可以梦想的.与所有最近与安全性有关的问题,"httpWebRequest"类提供了一个自我保护机制防止它接受HTTP答案,而不是完全符合规范.
As for this issue, I've performed some research on this and found that the problem is actually caused by the critical http header parsing/validating of the HttpWebRequest component. According to the Http Specification(http1.1), the HTTP header keys shoud specifically not include any spaces in their names. However, some web servers do not fully respect standards they're meant to. Applications running on the Dotnet framework and making heavy use of http requests usually use the httpWebRequest class, which encapsulates everything a web oriented developer could dream of. With all the recently issues related to security, the "httpWebRequest" class provides a self protection mechanism preventing it to accept HTTP answers which not fully qualify to the specifications.
常见的情况是在内容长度"标头键.这服务器实际上返回一个内容长度"键,假设没有空格被允许,被视为攻击媒介(HTTP响应拆分攻击),从而触发HTTP协议违规错误"异常.
The common case is having a space in the "content-length" header key. The server actually returns a "content length" key, which, assuming no spaces are allowed, is considered as an attack vector (HTTP response split attack), thus, triggering a "HTTP protocol violation error" exception.
请尝试一下是否有帮助,然后稍后再发布结果
Will try if this helps right now and post results later
这篇关于团队测试:失败的负载.请求失败:服务器违反了协议.Section = ResponseHeader Detail = CR必须跟随LF的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
