Article ID: 238210 - View products that this article applies to.
This article was previously published under Q238210
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspxFor more information about IIS 7.0, visit the following Microsoft Web site:
Whenever ASP Buffering is enabled, either through the Microsoft Management Console (MMC) or programmatically in the Active Server Pages (ASP) page (response.buffer=true), an HTTP Keep-Alive header will be sent along with the Content-Length.
Note This problem occurs only on HTTP 1.0 clients. An HTTP Keep-Alive header is not sent for HTTP 1.1 clients. In communications between HTTP 1.1 clients and HTTP 1.1 servers, the Keep-Alive header is implied, so the header is not actually sent.
The header can be disabled by adding the following code to the top of the ASP pages:
This behavior occurs even if Keep-Alives are disabled in the MMC. The Keep-Alive will be ignored by HTTP 1.0 (browser) clients. HTTP 1.0 Proxies will require the Content-Length header to also be present. This is transmitted by default but could be modified by an Internet server application programming interface (ISAPI) filter. If a filter is used and the Content-Length is not sent, then you will have to implement the workaround described above.