0

Updated 11th Feb

Running an ASP.NET MVC website. On this, we have one page that has multiple AJAX GET and one user-initiated AJAX POST back to our server. For a very small percentage of users (but significant number), they're getting "err_connection_reset" for their POST. This seems to be happening across multiple browsers and appears to be a recent phenomenon.

However, we are unable to duplicate this in-house with any browser (using client machines across the globe). We also have literally tens of thousands of users for whom this works perfectly.

We were lucky enough to have one user who was able to give us some details from Chrome's Developer Tools:

a - the Console showed an error for the POST that simply states "net::ERR_CONNECTION_RESET"

b - From the recorded HAR file, we can see the details for this event (some data replaced with ***):

{
"startedDateTime": "2020-02-07T19:09:32.786Z",
"time": 0.06441399999312125,
"request": {
    "method": "POST",
    "url": "http://****.*********.***/************/************",
    "httpVersion": "",
    "headers": [
        {
            "name": "Host",
            "value": "****.*********.***"
        },
        {
            "name": "Connection",
            "value": "keep-alive"
        },
        {
            "name": "Content-Length",
            "value": "864"
        },
        {
            "name": "Accept",
            "value": "*/*"
        },
        {
            "name": "X-Requested-With",
            "value": "XMLHttpRequest"
        },
        {
            "name": "User-Agent",
            "value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36"
        },
        {
            "name": "Content-Type",
            "value": "application/json"
        },
        {
            "name": "Origin",
            "value": "http://****.*********.***"
        },
        {
            "name": "Referer",
            "value": "http://****.*********.***/************?************"
        },
        {
            "name": "Accept-Encoding",
            "value": "gzip, deflate"
        },
        {
            "name": "Accept-Language",
            "value": "en-US,en;q=0.9"
        },
        {
            "name": "Cookie",
            "value": "************"
        }
    ],
    "queryString": [],
    "cookies": [
        {
            "name": "************",
            "value": "************",
            "expires": null,
            "httpOnly": true,
            "secure": false
        }
    ],
    "headersSize": -1,
    "bodySize": 864,
    "postData": {
        "mimeType": "application/json",
        "text": "************"
    }
},
"response": {
    "status": 0,
    "statusText": "",
    "httpVersion": "",
    "headers": [],
    "cookies": [],
    "content": {
        "size": 0,
        "mimeType": "x-unknown"
    },
    "redirectURL": "",
    "headersSize": -1,
    "bodySize": -1,
    "_transferSize": 0,
    "_error": "net::ERR_CONNECTION_RESET"
},
"cache": {},
"timings": {
    "blocked": 0.06441399999312125,
    "dns": -1,
    "ssl": -1,
    "connect": -1,
    "send": 0,
    "wait": 0,
    "receive": 0,
    "_blocked_queueing": -1
},
"serverIPAddress": "",
"_initiator": {
    "type": "script",
    "stack": {
        "callFrames": [
            {
                "functionName": "send",
                "scriptId": "301",
                "url": "http://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js",
                "lineNumber": 1,
                "columnNumber": 80265
            },
            {
                "functionName": "ajax",
                "scriptId": "301",
                "url": "http://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js",
                "lineNumber": 1,
                "columnNumber": 77117
            },
            {
                "functionName": "n.ajax",
                "scriptId": "303",
                "url": "http://****.*********.***/bundles/************",
                "lineNumber": 0,
                "columnNumber": 2482
            },
            {
                "functionName": "************.************",
                "scriptId": "254",
                "url": "http://****.*********.***/bundles/************",
                "lineNumber": 0,
                "columnNumber": 69415
            },
            {
                "functionName": "************.************",
                "scriptId": "254",
                "url": "http://****.*********.***/bundles/************,
                "lineNumber": 0,
                "columnNumber": 67115
            },
            {
                "functionName": "dispatch",
                "scriptId": "301",
                "url": "http://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js",
                "lineNumber": 1,
                "columnNumber": 41771
            },
            {
                "functionName": "y.handle",
                "scriptId": "301",
                "url": "http://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js",
                "lineNumber": 1,
                "columnNumber": 39790
            }
        ]
    }
},
"_priority": "High",
"_resourceType": "xhr",
"pageref": "page_1"
}

From the timings section, it seems that this call was blocked for about 64 microseconds (probably behind the other AJAX calls), but that it failed to queue and was never sent.

I'm not seeing a) what would cause this and b) how to dig deeper into this. Any suggestions?

Update: 11th Feb

On analysing a larger HAR file, I can see that it's only affecting POSTS where the Content-Type is "application/json".

DrGriff
  • 4,394
  • 9
  • 43
  • 92
  • 1
    I appreciate this was some time ago but did you ever find the cause? I have a single user experiencing the exact same problem with our website. – Jon Bellamy Mar 17 '21 at 15:20
  • 1
    We did. For this particular instance it turned out that SonicWall (brand of firewalls) had an optional setting to block these sorts of calls and a few of our customers had decided that they were better off turning it on. The solution for us was to swap over to HTTPS. – DrGriff Mar 18 '21 at 17:44
  • ah, OK, thanks. Unfortunately, we're already on HTTPS so that's not going to be it. I'm convinced ours is client-side, but I want to rule everything out. – Jon Bellamy Mar 22 '21 at 17:06
  • I'd suggest getting wireshark to capture what leaves your domain and what arrives at their domain. It maybe the client's firewall. HTTPS isn't the panacea since some firewalls can do a deep inspection, but that requires the firewall to decrypt the traffic. – DrGriff Mar 23 '21 at 20:41
  • I'll take a look. Thank you for your help @DrGriff! – Jon Bellamy Apr 06 '21 at 07:46
  • @JonBellamy: Jon, if you find a different resolution then be sure to post that here. – DrGriff Apr 12 '21 at 10:51
  • Of course! Right now, it doesn't look like it was us. I keep digging, but it seems limited to users going through one UK ISP. – Jon Bellamy Apr 12 '21 at 17:38

0 Answers0