locked
SSI CGI command returning headers in IIS 7.5, but not in IIS 5 RRS feed

  • Question

  • User-780480106 posted
    Hello, I am currently working on a project to migrate from Windows 2000 running IIS 5 to Windows 2008 R2 running IIS 7.5. In some of our HTML files we have a server side include like this:

    #exec cgi="/Scripts/Manager.dll?CMD=CMDManage"

    In IIS 5 this works fine, but in IIS 7.5 in addition to the content from the dll, I also get the headers:
    HTTP/1.1 200 OK Server: Microsoft-IIS/7.5 Date: Thu, 07 Apr 2011 01:01:40 GMT Connection: close Content-Type: text/html Expires: 0 Pragma: no-cache

    Is there any way to configure SSI to not include the headers or strip them out like it did in IIS5? Or is there a way to work around this issue? It is kind of a show stopper for us.

    Any help is appreciated, thanks.

    Wednesday, April 6, 2011 9:16 PM

Answers

  • User299556178 posted

    According to the HTTP RFC, there should always be an extra CRLF on its own line (no matter if there is a body or not). That's how the server/client knows that the header section has ended, and the body is started (two CLRF after each other).

    Maybe IIS 5 did not follow this specification, but IIS 7 does it? It is not the first time i see applications fail because previous versions of IIS was more "forgiving", and IIS 7 is now much more restrict when it comes to following the standards.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Saturday, April 9, 2011 1:35 AM

All replies

  • User299556178 posted

    Can you please tell us how you have set up server side includes on the server? I just trid on my server and it worked.

    Please also give us the line(s) on how you include the files, so we can have a look at that.

    Thursday, April 7, 2011 2:26 AM
  • User-780480106 posted
    The server side includes are setup very generically. I added the Server Side Include role to IIS, and under Handler Mappings *.html, *.shtml, *.shtm, and *.stm are all mapped to the ServerSideIncludeModule. I edited the OP to show the include I am using, it was hidden before because I had included the HTML comment sections. Here it is again: #exec cgi="/Scripts/Manager.dll?CMD=CMDManage"
    Thursday, April 7, 2011 1:09 PM
  • User-780480106 posted
    If we include a third set of CRLF with our headers the server side includes stop showing the headers. This seems like a bug in SSI.dll. Unfortunately this isn't a viable solution because that puts a blank line at that top of the body of every HTTP request, which could cause other issues.
    Thursday, April 7, 2011 6:59 PM
  • User299556178 posted

    Third? Isn't it supposed to be one CRLF after each message header? If i understand the RFC 822 correctly it should only be one. Have you tried that?

    Friday, April 8, 2011 2:23 AM
  • User-780480106 posted
    There is one CRLF on its own line (between the header and body), which means two CRLFs in a row (one from the last line in the header, and one on its own line before the body). In order to get SSI to work properly, it needs three in a row (two CRLFs on their own lines).
    Friday, April 8, 2011 2:45 AM
  • User299556178 posted

    I misunderstood you, i thought you had two CLRF after each header line. It should be one CLRF after the last header, and then one on its own line.

    Is it possible for you to paste the headers and body when calling the included file (not the resulted html-page, I only want the output of ="/Scripts/Manager.dll?CMD=CMDManage)?

    I want to see if there is anything strange with that. Otherwise i will have to write a simple cgi and try myself what is happening (i didn't have any C compiler yesterday, but i can install one today when i get home).

    Friday, April 8, 2011 3:15 AM
  • User299556178 posted

    Okay, i have tried this with a simple "hello world"-cgi. It works as expected, no extra headers are printed. So i have a feeling that your cgi does something incorrectly.

    What headers does it print? How does the response header section look like in your code?

    Friday, April 8, 2011 10:20 AM
  • User-780480106 posted
    Kristofer, thanks for following up on this. Here are the headers that are seen when hitting the page we are trying to include directly and analyzing the request with Fiddler:
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Fri, 08 Apr 2011 17:20:21 GMT
    Connection: Keep-Alive
    Content-Type: text/html
    Expires: 0
    Pragma: no-cache
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 21
    #CRLF on it own line#
    #BODY#
    
    and when we try and include it on a page the page prints out:
    HTTP/1.1 200 OK
    Server: Microsoft-IIS/7.5
    Date: Fri, 08 Apr 2011 17:23:52 GMT
    Connection: close
    Content-Type: text/html
    Expires: 0
    Pragma: no-cache
    #CRLF on it own line#
    #body#
    
    The response header section of our code is fairly complicated, so I cannot discount the possibility there is still something janky in there. Would it be possible for you to post your hello world dll for me to try on our server?
    Friday, April 8, 2011 1:42 PM
  • User299556178 posted

    This is a very simple "hello world":

    http://www.it-notebook.org/temp/cgi-test.zip

    Friday, April 8, 2011 3:37 PM
  • User-780480106 posted
    So we figured out the cause of our problem, and are able to implement a work around, but it still seems like a bug in the SSI.dll. The problem was the way in which content is being returned by our ISAPI dll. Previously our code would:
    Send header with CRLF on last line
    Check if we should send body
    Send CRLF on its own line
    Send Body
    
    We can change it to:
    Send header with CRLF on last line + CRLF on its own line
    Check if we should send body
    Send Body
    
    Essentially SSI.dll doesn't seem to be waiting for the full response before trying to determine where the headers end, and and if it doesn't see the double CRLF in the first piece of data it gets back it will never strip out the headers. The IIS5 version handles this better for some reason.
    Friday, April 8, 2011 8:47 PM
  • User299556178 posted

    According to the HTTP RFC, there should always be an extra CRLF on its own line (no matter if there is a body or not). That's how the server/client knows that the header section has ended, and the body is started (two CLRF after each other).

    Maybe IIS 5 did not follow this specification, but IIS 7 does it? It is not the first time i see applications fail because previous versions of IIS was more "forgiving", and IIS 7 is now much more restrict when it comes to following the standards.

    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Saturday, April 9, 2011 1:35 AM
  • User212924439 posted

     That is very simple.

     

     

    by Mr. groupon script

    Saturday, April 9, 2011 11:19 AM