ActiveSync - An HTTP request smuggling attempt was detected.

  • Question

  • Hey guys,

    Not sure if I am posting this correctly, but just an FYI if others run into this issue.  When we recently published OWA and ActiveSync on a UAG Solution we ran into problems when attaching larg(er) files from the Windows Mobile device.  If you forward the message...there is no problem, but when creating a new attachment, it will fail on sending the message and log a message similar to the following in UAG:

    A request from source IP address x.x.x.x.on trunk exchangewebservices; Secure=1 for application Exchange2003 (application ID: ###111###111###) of type ExchangePub2003SP1 failed. An HTTP request smuggling attempt was detected.

    We came to the conclusion that smuggling protection was enabled on the Exchange application.  It had a 'Maximum size of POST request' set to 49152 or 48 KB.  When sending a new attachment, the POST request size would obviously be greater than 48 KB and it would be blocked.  We upped this value for our organization and it appears to have resolved the issue.

    Hope this may help someone else in the future.

    Thursday, July 15, 2010 5:33 PM

Answers

  • We came to the conclusion that smuggling protection was enabled on the Exchange application.  It had a 'Maximum size of POST request' set to 49152 or 48 KB.  When sending a new attachment, the POST request size would obviously be greater than 48 KB and it would be blocked.  We upped this value for our organization and it appears to have resolved the issue.
    • Marked as answer by JCred101 Thursday, July 15, 2010 5:34 PM
    Thursday, July 15, 2010 5:34 PM
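
Added example, not part of the original thread and not Microsoft's code: a small parser for the UAG message quoted in the question, grouping the smuggling blocks by trunk and published application so you can see where they cluster before raising the POST size limit. The message layout is assumed from the single line quoted above; the sample lines, the `portal` trunk, the `Intranet` application and the application IDs are constructed.

```python
import re
from collections import defaultdict

# Pattern follows the wording of the one UAG message quoted in the post;
# that every such event uses this exact layout is an assumption.
SMUGGLING_RE = re.compile(
    r"A request from source IP address (?P<src>\S+?)\.?\s*on trunk (?P<trunk>[^;]+); "
    r"Secure=(?P<secure>\d) for application (?P<app>.+?) "
    r"\(application ID: (?P<app_id>[^)]+)\) of type (?P<app_type>\S+) failed\. "
    r"An HTTP request smuggling attempt was detected\."
)

TEMPLATE = ("A request from source IP address {src} on trunk {trunk}; Secure=1 "
            "for application {app} (application ID: {app_id}) of type {app_type} "
            "failed. An HTTP request smuggling attempt was detected.")

# Constructed sample events (documentation IP ranges, placeholder IDs).
EXCH = dict(trunk="exchangewebservices", app="Exchange2003",
            app_id="APPID-PLACEHOLDER-1", app_type="ExchangePub2003SP1")
SAMPLE_LOG = [
    TEMPLATE.format(src="192.0.2.10", **EXCH),
    TEMPLATE.format(src="192.0.2.11", **EXCH),
    TEMPLATE.format(src="192.0.2.10", **EXCH),
    TEMPLATE.format(src="198.51.100.7", trunk="portal", app="Intranet",
                    app_id="APPID-PLACEHOLDER-2", app_type="WebApp"),
    "Unrelated event line that should be ignored.",
]

def summarize(lines):
    """Count smuggling blocks per (trunk, application, type) and collect sources."""
    groups = defaultdict(lambda: {"events": 0, "sources": set()})
    for line in lines:
        m = SMUGGLING_RE.search(line)
        if not m:
            continue  # not a smuggling-protection event
        key = (m["trunk"].strip(), m["app"], m["app_type"])
        groups[key]["events"] += 1
        groups[key]["sources"].add(m["src"])
    return dict(groups)

def report(groups):
    """Return (key, events, distinct_sources) rows, busiest application first."""
    rows = [(k, v["events"], len(v["sources"])) for k, v in groups.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for (trunk, app, app_type), events, sources in report(summarize(SAMPLE_LOG)):
        print(f"{trunk}/{app} ({app_type}): {events} blocks from {sources} source(s)")
```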