koldfront

412 Precondition Failed

Lately a PHP-script called "bad-behavior", intended to keep spam-bots and the like away from websites, has begun being used on some websites.

I noticed this because on those websites I got a page with the title "412 Precondition Failed" and a lot of verbiage suggesting that I be spam-bot or of mal-intentions, instead of the expected page.

After emailing one of the website-owners, he showed me the entries that the script registered for my hits and they indicated that the script has decided that sending a "Connection: close"-header along with a "TE: chunked"-header is a sure sign of bad behaviour.

Now, I use wwwoffle to filter away ads and the like when browsing, and wwwoffle was sending exactly that combination of headers.

From quickly perusing the RFC for HTTP 1.1, I can't see that the combination of those headers should be invalid.

Update: The author of the "bad-behavior" script explained to me where the RFC says that, and although the wording of that paragraph is quite twisted it looks like he is right. I have sent the information to the author of wwwoffle, hoping that if he agrees with the reading of the RFC, he will change wwwoffle accordingly.

Meanwhile the quick work-around is to change wwwoffle.conf to read: "request-chunked-data = no" in the OnlineOptions-part.

I hope the author of the bad-behavior script soon removes this false positive-generating test.

In general not generating false positives in such a script must be exceedingly hard.