views:

108

answers:

1

When analyzing traffic with a packet sniffer, we are seeing an http response from a weblogic server prior to the completion of the http post to that server.

In this case, the jsp page on the server is basically a static page, no logic to do anything with the contents of the post at this time.

But why would the server send the response prior to completion of the post?

I found Weblogic documentation about how to configure the server to ignore a denial-of-service attack using Http post. Maybe that is what is happening?

No one I know has seen this behaviour before. Maybe some weblogic-savvy person will know what is going on.

Thanks

A: 

I don't think that Weblogic is analyzing the JSP to determine whether it is static or not.

My guess is that either

  1. someone else was accessing the server at the same time
  2. you saw the answer to a previous request

[EDIT] To determine what is going on, I suggest to set a breakpoint in the JSP. If you still get an answer without hitting the breakpoint, something further up the stack must be intercepting the request (for example, a cache).

Aaron Digulla
nah, this was a relatively controlled situation and we are positive we have the right response matching the request.
markn
Is there a cache somewhere?
Aaron Digulla