tags:

views:

502

answers:

3
+6  Q: 

What can be causing IIS to receive the HTTP verb "2GET"

I have a user who is intermittently receiving an HTTP 405 when clicking a link within my application. There is nothing funny about the link, as far as I can see...

<a id="ctl00_ctlNavigationMenu_viewTransfersLink" href="Navigate.ashx?target=6">- View Transfers</a>

As I said, most of the time the link executes successfully. However, very ocassionally the user has been met with:

405 - HTTP verb used to access this page is not allowed.

When I inspect the IIS log, I can see the following entry:

2009-02-04 15:12:50 192.168.202.204 2GET /Navigate.ashx target=6 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 13203

This seems to be reporting that the user's browser has submitted a request using the verb 2GET. How can this be?

Looking through the log on our test server, I can see a few other instances of this problem:

2008-11-06 13:30:10 192.168.202.204 2GET /Content/Css/origo_advanced_horiz.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 109
2008-11-06 13:31:44 192.168.202.204 2GET /Content/Css/origo_advanced_horiz.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 62
2008-11-06 13:37:20 192.168.202.204 2GET /Content/Css/datepicker.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 109
2008-11-06 14:06:00 192.168.202.204 2GET /Content/Css/origo_advanced_horiz.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 125
2008-11-06 16:30:42 192.168.202.204 2GET /Content/Css/origo_advanced_horiz.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 406
2008-11-07 11:01:07 192.168.202.204 2GET /Content/Css/origo_advanced_horiz.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 406
2008-11-10 11:27:31 192.168.202.204 2GET /Content/Css/origo_advanced_horiz.css - 80 - 192.168.202.190 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322) 405 0 1 46
2009-02-03 12:00:38 192.168.202.204 2GET /Navigate.ashx target=6 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 13438
2009-02-03 12:00:49 192.168.202.204 2GET /Navigate.ashx target=6 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 1593
2009-02-04 15:12:50 192.168.202.204 2GET /Navigate.ashx target=6 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 13203

We're running on IIS7.

Any ideas? Does 2GET exist as a verb? Can it be related to the UpdatePanel on my form?

Sandy

UPDATE: I'm getting all kinds of odd verbs: 2GET, 9GET, 1POST, 5POST...

2009-02-04 15:12:50 192.168.202.204 2GET /Navigate.ashx target=6 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 13203
2009-02-04 15:28:12 192.168.202.204 1POST /Transfer/View.aspx - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 3171
2009-02-04 15:28:28 192.168.202.204 5POST /Transfer/View.aspx - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 2515
2009-02-04 15:34:21 192.168.202.204 5POST /Transfer/View.aspx - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 1828
2009-02-04 15:44:52 192.168.202.204 2GET /Transfer/View.aspx - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 5390
2009-02-04 16:15:23 192.168.202.204 2POST /Transfer/View.aspx - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 7781
2009-02-04 16:16:04 192.168.202.204 2GET /Navigate.ashx target=3 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 44938
2009-02-04 16:16:09 192.168.202.204 2GET /Navigate.ashx target=3 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 45876
2009-02-04 16:16:27 192.168.202.204 2GET /Content/Css/reset.css - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 4687
2009-02-04 16:16:52 192.168.202.204 9GET /Transfer/View.aspx - 80 - 192.168.202.141 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.2;+.NET+CLR+2.0.50727) 405 0 1 5468
+2  A: 

This request is malformed GET request is coming from the browser side. And you can pinpoint error to IP 192.168.202.204.

It is not IIS or your server, it is not network card (TCP has error correction).

It can be that browser is buggy or that there is some proxy / firewall on that box that interceps http trafic. Could be the virus too. But, as I see, it's on the client side.

dmajkic  2009-02-04 16:39:48
A: 

Very odd indeed.

  • Is this only occurring from one computer?
  • Are these requests coming directly from the user's computer, via a proxy, or perhaps via ISA Server?
  • Is it an option to install IEHttpHeaders onto the problem browser and monitor the HTTP headers from that end?
J c  2009-02-04 16:42:10
+1  A: 

If you have access to the client machine, run Wireshark on it to capture the traffic going to your server. You should also run Wireshark on the server and filter for trafic coming from that IP address, to rule out a problem in IIS (unlikely as it is.)

Knowing what goes on the wire can help you to narrow down where the problem is. Most likely, you'll see traffic closer to the browser looking OK, and getting corrupted by something on its way to the server, but at least you'll be able to narrow down on a smaller list of likely suspects.

Ori Pessach  2009-02-04 18:16:34

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps