Fiddler2 and Bad Behavior
If you have ever had to debug HTTP traffic, you probably already know what a great tool Fiddler2 is. I was recently using it to debug some WordPress 2.5 issues I was having with a test blog and noticed I was getting an odd error returned from the web site: Error 403
I recognized this as the error that Bad Behavior (a spam-fighting plugin) returns when it sees something wrong with the the request being made to the web site. Apparently Fiddler was sending a “Proxy-Connection: Keep-Alive” header that Bad Behavior was rejecting as invalid. I thought that this might be BB being overzealous in its blocking, but after doing more research it appears that the “Proxy-Connection” header is a non-standard, extended header not included in any HTTP specification.
It appears, according to HTTP: The Definitive Guide by David Gourley that this header is simply a hack to get around an issue with miscommunication between proxies.
After some more Googling, I found the simple fix:
In the Fiddler menu, select Rules › Customize Rules and then, in the OnBeforeRequest function, add this line:
-
oSession.oRequest.headers.Remove("Proxy-Connection");
Now Fiddler will no longer forward on this unnecessary header and Bad Behavior will be happy!
Worse, Proxy-Connection was a header proposed by Netscape about a decade ago, but the proposal was never officially accepted. Nevertheless people implemented it, and despite the fact that it doesn’t exist, isn’t documented anywhere, and is debatable as to whether it’s actually necessary at all, people continue to implement it. I haven’t yet figured out why.
Yep. And thanks for your great work on Bad Behavior. It has saved me tons of headaches from spam.
Specifically, the problem was that IE emits the Proxy-Connection header when it detects there is a proxy (aka Fiddler) but Fiddler did not remove the Proxy-Connection header. Ordinarily, that’s entirely harmless, but that particular HTTP filter gets upset by it.
…I should further mention that this issue is resolved in Fiddler 2.2.
Wow! Thanks for the heads up, Eric. Is F2.2 available for download yet?
[…] this to be some kind of hash on the request data, and that Fiddler was modifying it (true, see the Proxy-Connection header included above, and it might also mess with the request line) but that cannot quite be, […]