curl-users
Re: Access is denied due to an ACL set Dan Fandrich (2007-06-29)
Date: Fri, 29 Jun 2007 13:02:04 -0700 (PDT)
Thank you very much for your reply.
>Have you compared what curl sends with what you get from LiveHTTPHeaders?
>Obviously, something is missing. --trace-ascii should show you what.
The following lists part of the LiveHTTPHeaders and part of the trace file from
Curl
***************************************************************************************************
In LiveHTTPHeaders,
…
Content-Disposition: form-data; name="transaction"
fileuploadnowiz
-----------------------------20452572828792
Content-Disposition: form-data; name="cookie"
siLockLongTermInstID=6688; ASP.NET_SessionId=flflai45fsnmncjf42wpfd55; DMZCookieTest=342156
-----------------------------20452572828792
Content-Disposition: form-data; name="server"
www.somesite.net
-----------------------------20452572828792
Content-Disposition: form-data; name="url"
/home/humanresource.aspx
-----------------------------20452572828792
Content-Disposition: form-data; name="instid"
9466
-----------------------------20452572828792
Content-Disposition: form-data; name="customwizlogonenabled"
1
-----------------------------20452572828792
Content-Disposition: form-data; name="customwiznameupload"
INSUISFT Upload Wizard
-----------------------------20452572828792
Content-Disposition: form-data; name="Arg12"
home
-----------------------------20452572828792
Content-Disposition: form-data; name="Arg06"
559187
-----------------------------20452572828792
Content-Disposition: form-data; name="Arg01"
648976
-----------------------------20452572828792
Content-Disposition: form-data; name="Arg02"; filename="test1.txt"
Content-Type: text/plain
This is just a test file for uploading.
-----------------------------20452572828792
Content-Disposition: form-data; name="Upload This File"
- Upload -
-----------------------------20452572828792--
HTTP/1.x 303 See Other
Connection: close
Date: Fri, 29 Jun 2007 18:07:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /home/humanresouce.aspx?Opt10=3338095&Opt11=&Arg01=648976&Arg06=559187&Arg12=home&Upload The File=%2d+Upload+%2d&cookie=siLockLongTermInstID%3d6688%3b+ASP%2eNET%5fSessionId%3dflflai45fsnmncjf42wpfd55%3b+DMZCookieTest%3d342156&customwizlogonenabled=1&customwiznameupload=INSUISFT+Upload+Wizard&instid=6688&server=www%2esomesite%2enet&transaction=fileuploadnowiz&url=%2fhome%2fhumanresouce%2easpx
****************************************************************************************************
While with curl –trace-ascii, the trace file contains the following:
…
Content-Disposition: form-data; name="transaction"
0060:
0062: fileuploadnowiz&cookie=siLockLongTermInstID%3D9466%3B%20ASP.NET_
00a2: SessionId%3Dz44gvt45fwujyk4511mkigyz%3B%20DMZCookieTest%3D123456
00e2: &server=www.somesite.net&url=/home/humanresource.aspx&instid=9466&customw
0122: izlogonenabled=1&customwiznameupload=INSUISFT+Upload+Wizard&Arg12=home&
0162: Arg06=559187&Arg01=648976&Arg02=@test1.txt&Upload+The+Fi
01a2: le=-+Upload+-
<= Recv header, 24 bytes (0x18)
0000: HTTP/1.1 303 See Other
<= Recv header, 19 bytes (0x13)
0000: Connection: close
<= Recv header, 37 bytes (0x25)
0000: Date: Fri, 29 Jun 2007 18:25:47 GMT
<= Recv header, 27 bytes (0x1b)
0000: Server: Microsoft-IIS/6.0
<= Recv header, 23 bytes (0x17)
0000: X-Powered-By: ASP.NET
<= Recv header, 504 bytes (0x1f8)
0000: Location: ?Opt10=0&Opt11=An error occurred as a result of an invalid
0040: or negative response.&transaction=fileuploadnowiz%26cookie%
0080: 3dsiLockLongTermInstID%3d6688%3b+ASP%2eNET%5fSessionId%3dz44gvt4
00c0: 5fwujyk4511mkigyz%3b+DMZCookieTest%3d342156%26server%3dwww%2ebci
0100: daho%2enet%26url%3d%2fhome%2fhumanresouce%2easpx%26instid%3d6688%26cust
0140: omwizlogonenabled%3d1%26customwiznameupload%3dINSUISFT+Upload+Wizard%26
0180: Arg12%3dhome%26Arg06%3d559187%26Arg01%3d648976%26Arg02%3d%40test
01c0: 1%2etxt%26Upload+The+File%3d%2d+Upload+%2d
***************************************************************************************************
When compare the LiveHTTPHeaders with the trace file, I found the following
differences:
First, in the LiveHTTPHeaders, each form field is listed as a variable and followed by its value, but in the trace file, only “transaction” is listed as a variable, all the others and the corresponding values are listed as the value of “transaction”. When I do the curl, I used curl –F “transaction=fileuploadnowiz&cookie=siLockLongTermInstID%3d6688%3B%20ASP.NET_Session%3D…..” URL
Second, in the LiveHTTPHeaders, in the location address, there is 7-digit value for Opt10 and nothing for Opt11, while in the trace file, the value for Opt10 is 0 and the value for Opt11 is “An error occurred….”. For the value of Opt10 in LiveHTTpHeaders, I don’t know where it comes from, but this value changes whenever I relog in. It might be created by JavaScript. I notice there are some JavaScript code in the source file. If this is the case, does this mean I have no way to continue to the correct redirection page?
Third, in the location address of LiveHTTPHeaders, there is “=” between each pair of variable and value, while in the location address of the trace file, there is url encoded code for “=” between each pair of variable and value except the first three pairs. This might be caused by First difference as above, but does this matter?
Fourth, in the LiveHTTPHeaders, the location begins with /home/humanresouce.aspx?Opt10=…… while in the trace file the location begins with ?Opt10=……
>Sounds like you need the --user and --anyauth options to provide user
credentials to the site.
I also tried –u user:password and –-anyauth, but neither helps.
Thanks again.
---------------------------------
Food fight? Enjoy some healthy debate
in the Yahoo! Answers Food & Drink Q&A.
Received on 2007-06-29