« Return to Thread: Reverse Ajax, Problem with blocking by antiviruses,(Avast, Kerio, NOD..)
Re: Re[dwr-dev] verse Ajax, Problem with blocking by antiviruses,(Avast, Kerio, NOD..)
by libor
::
Rate this Message:
Thanks, for reply Joe.
I have good and bad news. Bad news are, that "Transfer-Encoding:chunked" gives not enought information for avast team, because it only says, that the length of transfered data is unknown at beginning. So it is hudge technical problem to deside if functionality of web depends on if the chunk is received imediatelly or not. They will not accept chunged word as keyword for comet.
Now good news. They were so kind, that they offered me to detect DWR comet by
"Server: DWR-Reverse-Ajax ...." if string prefix for Server attribute in response header starts with "DWR-Reverse-Ajax" substring, thay will detect it, and stop blocking reverse ajax.
So for now this is hotfix. The Avast update will be released today.
They told me, thay you DWR team should deside how to describe that this response is COMET. For example by "Content-Type: COMET", and you should add it to next release, so antivirus and firewall companies could recognise it and fixe this problem universally.
So from today, you can use Avast fix, by using for example the Servlet code below except the old one DWR servlet.
package server.comunication.dwr;
public class AntivirusSolvedDWRServlet extends org.directwebremoting.servlet.DwrServlet{
public void doPost (HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException{
updateReverseAjaxInfo(request,response);
super.doPost(request,response);
}
public void doGet (HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException{
updateReverseAjaxInfo(request,response);
super.doGet(request,response);
}
void updateReverseAjaxInfo(HttpServletRequest request, HttpServletResponse response){
if(request.getPathInfo().indexOf("ReverseAjax.dwr")>=0){
response.setHeader("Server", "DWR-Reverse-Ajax Jetty(6.1.3)");
}
}
}
and you should change in web.xml
from:
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>
org.directwebremoting.servlet.DwrServlet
</servlet-class>
to:
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>
server.comunication.dwr.AntivirusSolvedDWRServlet
</servlet-class>
NOTE: Some app servers like Jetty are configurable and you can set them not to send Server attribute in response header. So if this code doesn't add this attribute, just edit /etc/jetty.xml and change/insert this row:
<Set name="sendServerVersion">true</Set>
Hope, this helped someone.
If the code postet here is "wird", it can be because of html tags dissmissed.
Anyway, I am solving this problem with Esset too, which is company developing NOD antivirus, so I hope I will bring solution for NOD too.
I have good and bad news. Bad news are, that "Transfer-Encoding:chunked" gives not enought information for avast team, because it only says, that the length of transfered data is unknown at beginning. So it is hudge technical problem to deside if functionality of web depends on if the chunk is received imediatelly or not. They will not accept chunged word as keyword for comet.
Now good news. They were so kind, that they offered me to detect DWR comet by
"Server: DWR-Reverse-Ajax ...." if string prefix for Server attribute in response header starts with "DWR-Reverse-Ajax" substring, thay will detect it, and stop blocking reverse ajax.
So for now this is hotfix. The Avast update will be released today.
They told me, thay you DWR team should deside how to describe that this response is COMET. For example by "Content-Type: COMET", and you should add it to next release, so antivirus and firewall companies could recognise it and fixe this problem universally.
So from today, you can use Avast fix, by using for example the Servlet code below except the old one DWR servlet.
package server.comunication.dwr;
public class AntivirusSolvedDWRServlet extends org.directwebremoting.servlet.DwrServlet{
public void doPost (HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException{
updateReverseAjaxInfo(request,response);
super.doPost(request,response);
}
public void doGet (HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException{
updateReverseAjaxInfo(request,response);
super.doGet(request,response);
}
void updateReverseAjaxInfo(HttpServletRequest request, HttpServletResponse response){
if(request.getPathInfo().indexOf("ReverseAjax.dwr")>=0){
response.setHeader("Server", "DWR-Reverse-Ajax Jetty(6.1.3)");
}
}
}
and you should change in web.xml
from:
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>
org.directwebremoting.servlet.DwrServlet
</servlet-class>
to:
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>
server.comunication.dwr.AntivirusSolvedDWRServlet
</servlet-class>
NOTE: Some app servers like Jetty are configurable and you can set them not to send Server attribute in response header. So if this code doesn't add this attribute, just edit /etc/jetty.xml and change/insert this row:
<Set name="sendServerVersion">true</Set>
Hope, this helped someone.
If the code postet here is "wird", it can be because of html tags dissmissed.
Anyway, I am solving this problem with Esset too, which is company developing NOD antivirus, so I hope I will bring solution for NOD too.
Joe Walker-3 wrote:I think that "Transfer-Encoding:chunked" is a massive clue that we're doing
comet.
Chunked mode is the part of the HTTP spec that allows us to do this:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.6
Whilst it's tempting to have the proxy manufacturers of the world constantly
on the lookout for DWR by name, I suspect they don't need to. ;-)
If the AVAST people want to contact us on the list, they're very welcome.
Joe.
On Mon, Dec 1, 2008 at 5:28 PM, libor
<liborhavlicek+dwrforum@googlemail.com<liborhavlicek%2Bdwrforum@googlemail.com>
> wrote:
>
> Hi all,
>
> I use dwr Reverse ajax, and most of antiviruses blocks reverse connection.
> The only way is to ask users to setup their web shield protection in their
> antivirus. I wrote to AVAST company and asked them for help. They told me,
> that thay are not able to analyze response header, because there is no
> information saying that it is long-term connection.
>
> My response header is this:
>
> Content-Type text/javascript; charset=ISO-8859-1
> Transfer-Encoding chunked
> Server Jetty(6.1.3)
>
> They told me, that web shield can recognise lightstreamer server according
> its response header.
>
> LightStreamer header is:
>
> Date Mon, 1 Dec 2008 16:43:17 GMT
> Server Lightstreamer/3.5 build 1426 (Lightstreamer Push Server -
> www.lightstreamer.com) Vivace edition
> Content-Type text/html; charset=iso-8859-1
> Cache-Control no-store, no-cache
> Pragma no-cache
> Expires Thu, 1 Jan 1970 00:00:00 GMT
> Content-Length 1782
> Connection Keep-Alive
>
> So my question is, how can i setup response header of DWR reverse ajax
> response (ReverseAjax.dwr) ?
>
> And other question is.. Can i setup anything from this header? Because if i
> can, they will code for me, and globally for all dwr Users exception in
> their web filter. They told me, that if i can send something like Server:
> COMET-AJAX jetty(6.1.3) they will add it to the exceptions.
>
> Thanks a lot..
>
> please try to help me, and find a way how to setup it, it will bring
> solution for all of us, who has problem with avast.
>
>
> Libor
>
>
>
> --
> View this message in context:
> http://www.nabble.com/Reverse-Ajax%2C-Problem-with-blocking-by-antiviruses%2C%28Avast%2C-Kerio%2C-NOD..%29-tp20774687p20774687.html
> Sent from the DWR - Dev mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@dwr.dev.java.net
> For additional commands, e-mail: dev-help@dwr.dev.java.net
>
>
« Return to Thread: Reverse Ajax, Problem with blocking by antiviruses,(Avast, Kerio, NOD..)
| Free embeddable forum powered by Nabble | Forum Help |
