[ic] Vend::Track lengthy headers cause ISEs in Apache

Bill Carr bill at bottlenose-wine.com
Thu May 20 21:41:42 UTC 2010

On May 20, 2010, at 5:32 PM, Jon Jensen wrote:

> On Thu, 20 May 2010, Brian J. Miller wrote:
>> Spent quite a while tracking this one down today, it would be a rather unusual occurrence, but if you have Track enabled and "excessively" long values for various data fields, such as code, description, category then when IC provides an outputted response and includes the X-Track header most versions of Apache will fall over returning a 500 Internal Server Error whenever the header's value hits the 8kb mark.
> Wow. That's really nasty. Very nice sleuthing, Brian.
> I don't know anyone who uses the X-Track response header for anything, and can't recall hearing of anyone using it in the last 10 years. At the very least, we should make "UserTrack no" the default in catalog.cfg. Anyone who wants it could still have it, and it wouldn't affect existing installations even after an upgrade.
> But arguably we should just get rid of the UserTrack code altogether. The X-Track header is a waste, and the logs are mostly redundant with what Apache logs or things like Google Analytics tracks. Anyone that wants custom tracking of ecommerce stuff probably would need to do their own Autoload to get the specific logging they want anyway.
> Anyone in support of removing the whole UserTrack module altogether?
UserWhat??? I say remove it. I didn't even know it existed.

Bill Carr 
Bottlenose - Wine & Spirits eBusiness Specialists 
(413) 584-0400 

More information about the interchange-users mailing list