koldfront

412 Precondition Failed

๐Ÿ•“๏ธŽ - 2006-01-15

Lately a PHP-script called "bad-behavior", intended to keep spam-bots and the like away from websites, has begun being used on some websites.

I noticed this because on those websites I got a page with the title "412 Precondition Failed" and a lot of verbiage suggesting that I be spam-bot or of mal-intentions, instead of the expected page.

After emailing one of the website-owners, he showed me the entries that the script registered for my hits and they indicated that the script has decided that sending a "Connection: close"-header along with a "TE: chunked"-header is a sure sign of bad behaviour.

Now, I use wwwoffle to filter away ads and the like when browsing, and wwwoffle was sending exactly that combination of headers.

From quickly perusing the RFC for HTTP 1.1, I can't see that the combination of those headers should be invalid.

Update: The author of the "bad-behavior" script explained to me where the RFC says that, and although the wording of that paragraph is quite twisted it looks like he is right. I have sent the information to the author of wwwoffle, hoping that if he agrees with the reading of the RFC, he will change wwwoffle accordingly.

Meanwhile the quick work-around is to change wwwoffle.conf to read: "request-chunked-data = no" in the OnlineOptions-part.

I hope the author of the bad-behavior script soon removes this false positive-generating test.

In general not generating false positives in such a script must be exceedingly hard.

Add comment

To avoid spam many websites make you fill out a CAPTCHA, or log in via an account at a corporation such as Twitter, Facebook, Google or even Microsoft GitHub.

I have chosen to use a more old school method of spam prevention.

To post a comment here, you need to:

ยน Such as Thunderbird, Pan, slrn, tin or Gnus (part of Emacs).

Or, you can fill in this form:

+=