What specific data being sent via HTTP POST could result in an HTTP 504 Error?
I've got a site that uses an order entry form and sends a rather decently sized POST request when the form is submitted.
However, when a particular value is passed in one of our form variables (OrderDetail), every time without fail, it gets an error page in the browser and a 504 error via Fiddler.
Here are a couple examples of tests I ran last night sending POST requests through Fiddler. When the "OrderDetail=" value is changed to the below it will either submit successfully or return a 504 error after a few seconds:
These ones FAIL:
- &OrderDetail=Deliver+Writ+of+Execution%3B+and+Application+for+Earnings+Withholding+Order+to+Los+Angeles+County+Sheriff+DASH+Court+Services+Division+per+instructions
- &OrderDetail=Deliver+Execution+Earnings+Withholding+Order+to+Los+Angeles+County+Sheriff+DASH+Court+Services+Division+per+instructions
- &OrderDetail=Deliver+Writ+of+Execution%3B+and+Application+for+Earnings+Withholding+Order+to+Los+Angeles+County+Sheriff
- &OrderDetail=Deliver+Writ+of+Execution%3B+Application+for+Earnings+Withholding+Order+to+Los+Angeles+County+Sheriff
- &OrderDetail=Writ+of+Withholding+Execution+Order+Los+Angeles+County+Sheriff
- &OrderDetail=writ+Execution+adsfsdfsdfsd+Order+County
- &OrderDetail=wd+Execution+adsfsdfsdfsd+Order+Count
This got me thinking that perhaps it has to do with the words "Exec" ('Exec' and 'Execution' throw errors, 'Exe' does not) and "Count" ('County' and 'Count' throw errors, 'Cont' does not).
However, I haven't seen anything this specific mentioned in google searches regarding the 504 error.
Regarding the ColdFusion code around this, there is nothing fancy for this page. Just a standard form post. I added a cfmail test in the Application file and on these failures it never runs, so this seems to be between the browser and IIS. We're on a shared server, so I can't see too much there, though.
Oddly enough, when the &OrderDetail= param is changed to one of these values (very similar to the above), the result is success:
- &OrderDetail=wd+Execution+adsfsdfsdfsd+Order+Coun
- &OrderDetail=wd+Execution+adsfsdfsdfsd+Order+Conty
- &OrderDetail=Writ+of+Withholding+Order+Execution+Los+Angeles+County+Sheriff
- &OrderDetail=Writ+of+Withholding+ExecutionOrder+Los+Angeles+County+Sheriff
In the 3rd one, I put 'Order' BEFORE 'Execution' and it works.
The total length of this POST request is about 4720 characters. I've increased the length of this one field to 5-6 times its length and they passed, so it almost seems tied to the value of the "&OrderDetail" param in the POST.
Any ideas on why this specific data could be an issue for a web server? I've never seen this before and it doesn't continue to be a problem for nearly any other request going through.
One interesting note as well: In the POST request, this variable is pretty close to the start of the param list. If I delete everything after it, it goes with no problem. Although I haven't been able to nail down what in the subsequent lines could be causing it. I can post the entire request if it will help.
More importantly though, I just want to know what could qualify as "reserved" or "illegal" for FORM data. Everything appears to be escaped properly so I'm not sure what else can be done here except for some pre-processing javascript to further escape any such words.
Thanks!
Given that `EXEC` and `COUNT` are causing the error, whilst putting `ORDER` before `EXEC` is preventing the error, this sounds like something is making a flawed attempt at protecting from SQL injection attacks.
If you have any software in place that claims to do that, I would see if (temporarily) disabling it stops the problem from occurring.
(This software might be at the firewall level, so you may need to talk to your sys admins.)
Importantly, I would also check your codebase for where OrderDetail is used, and make sure that it is using `cfqueryparam` whenever it is used inside a query - and the same goes for all other user-supplied data.
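To make the answer's two points concrete, here is an added Python example (not from the question, the answer, or any ColdFusion/IIS product). It decodes the form-encoded `OrderDetail` values quoted in the question, runs them through a hypothetical substring keyword blacklist modelled on the symptoms described (the real filter's rule set is unknown; this is a constructed reconstruction), and then stores the same text with a bound parameter in SQLite, which is the equivalent of `cfqueryparam`. The point it shows: URL encoding (`+`, `%3B`) is transport encoding, not SQL protection; a substring keyword filter flags ordinary English like "Execution" and "County"; and with parameters the text is never parsed as SQL no matter which words it contains, so the filter is not needed for that purpose.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample bodies, copied from the failing and passing cases in the question.
FAILING_BODY = ("&OrderDetail=Deliver+Writ+of+Execution%3B+and+Application+for+Earnings"
                "+Withholding+Order+to+Los+Angeles+County+Sheriff")
PASSING_BODY = "&OrderDetail=wd+Execution+adsfsdfsdfsd+Order+Coun"

# Hypothetical blacklist: bare substring matching of SQL keywords, as a naive
# "SQL injection protection" layer might do. Not any real product's rule set.
NAIVE_KEYWORDS = ("EXEC", "COUNT", "UNION", "DROP")


def decode_order_detail(body: str) -> str:
    """application/x-www-form-urlencoded decoding: '+' becomes space, %3B becomes ';'.
    This is all that 'escaping properly' in the form does; it says nothing about SQL."""
    return parse_qs(body)["OrderDetail"][0]


def naive_filter_blocks(value: str) -> list:
    """Return the keywords a substring-based filter would 'find' in value.
    Ordinary words such as 'Execution' and 'County' trip it (false positives)."""
    upper = value.upper()
    return [kw for kw in NAIVE_KEYWORDS if kw in upper]


def store_order_detail(conn: sqlite3.Connection, value: str) -> str:
    """Insert using a bound parameter (the sqlite3 analogue of cfqueryparam).
    The value is sent as data, so the database never interprets it as SQL."""
    conn.execute("INSERT INTO orders (detail) VALUES (?)", (value,))
    row = conn.execute("SELECT detail FROM orders ORDER BY rowid DESC LIMIT 1").fetchone()
    return row[0]


def demo() -> dict:
    """Run the decoded samples through both the naive filter and the parameterised insert."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (detail TEXT)")
    failing = decode_order_detail(FAILING_BODY)
    passing = decode_order_detail(PASSING_BODY)
    # Constructed hostile-looking input: with a bound parameter it is stored literally.
    hostile = "x'); DROP TABLE orders; --"
    return {
        "failing_flags": naive_filter_blocks(failing),   # benign text, two hits
        "passing_flags": naive_filter_blocks(passing),   # still one hit: "Execution"
        "failing_stored": store_order_detail(conn, failing) == failing,
        "hostile_stored": store_order_detail(conn, hostile) == hostile,
        "rows_in_table": conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0],
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

The `passing_flags` result shows that a plain substring rule does not even reproduce the question's observations exactly (that input still contains "Execution"), which is consistent with the answer's reading that the filter is something more convoluted and ad hoc; either way, the durable fix is the bound parameter, not a wordlist.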