[ic] Vend::Track lengthy headers cause ISEs in Apache

Jon Jensen jon at endpoint.com
Thu May 20 21:32:26 UTC 2010


On Thu, 20 May 2010, Brian J. Miller wrote:

> Spent quite a while tracking this one down today, it would be a rather 
> unusual occurrence, but if you have Track enabled and "excessively" long 
> values for various data fields, such as code, description, category then 
> when IC provides an outputted response and includes the X-Track header 
> most versions of Apache will fall over returning a 500 Internal Server 
> Error whenever the header's value hits the 8kb mark.

Wow. That's really nasty. Very nice sleuthing, Brian.

I don't know anyone who uses the X-Track response header for anything, and 
can't recall hearing of anyone using it in the last 10 years. At the very 
least, we should make "UserTrack no" the default in catalog.cfg. Anyone 
who wants it could still have it, and it wouldn't affect existing 
installations even after an upgrade.

But arguably we should just get rid of the UserTrack code altogether. The 
X-Track header is a waste, and the logs are mostly redundant with what 
Apache logs or things like Google Analytics tracks. Anyone that wants 
custom tracking of ecommerce stuff probably would need to do their own 
Autoload to get the specific logging they want anyway.

Anyone in support of removing the whole UserTrack module altogether?

Anyone *not* in support of at least making "UserTrack no" the default in 
catalog.cfg?

Jon


-- 
Jon Jensen
End Point Corporation
http://www.endpoint.com/



More information about the interchange-users mailing list