During policy tests that upload documents to dlptest.com, a DLP block popup message appears as intended, but in some other tests the website returned "Server responded with 0 code".
The CISO is concerned and wishes to know why this error code was returned.
DLP Endpoint Agent
Testing by Broadcom shows that "Server responded with 0 code" was returned on the webpage https://dlptest.com/ when the DLP Agent blocked a file upload.
In the Endpoint Agent log edpa_ext0.log (deobfuscated) you may see an event similar to this:
The line "Request Id #103943 SUCCESS prevent" indicates the file was prevented (i.e. blocked) from being uploaded.
05/28/2024 16:09:09 | 5224 | INFO | CoreServices.MessageLogger | MESSAGETYPE_DETECTION_REQUEST MESSAGESOURCE_FILE_SYSTEM_CONNECTOR 05/28/2024 14:09:09 [
Request Id #103943
Detection Request Details :
Session Command : Single Request
Request Type : Data In Motion Request
Dim Detection Request Details :
Process Id : 788
Process Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Application Name : Microsoft Edge
User : XXXXX
Domain : Test
Time Stamp : 05/28/2024 14:09:09
Dim Event Type : HTTP(S)
HTTP(S) Details :
URL : https://dlptest.com/https-post/
Network Info Details :
Source IP :
Source Port : 0
Source Domain :
Destination IP :
Destination Port : 0
Destination Host Name : dlptest.com
File Attachment Details :
File Path : C:\Temp\Test\Testdoc.xlsx
]
05/28/2024 16:09:09 | 5224 | INFO | CoreServices.MessageLogger | MESSAGETYPE_DETECTION_RESPONSE MESSAGESOURCE_DETECTION_CACHE 05/28/2024 14:09:09 [
Request Id #103943 SUCCESS prevent
Scan Time : 0 ms]
[req#107718 SUCCESS no incidents]
[req#104311 SUCCESS has incidents]
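To confirm which uploads the agent actually blocked, the request and response entries can be joined on their Request Id. The following is an added example, not Broadcom code: it assumes the deobfuscated log keeps the layout of the excerpt above, and request 103950 in the sample is constructed.

```python
import re

# Constructed sample in the layout of the deobfuscated edpa_ext0.log excerpt;
# request 103950 and its file name are made up for contrast.
SAMPLE_LOG = r"""
05/28/2024 16:09:09 | 5224 | INFO | CoreServices.MessageLogger | MESSAGETYPE_DETECTION_REQUEST MESSAGESOURCE_FILE_SYSTEM_CONNECTOR 05/28/2024 14:09:09 [
Request Id #103943
URL : https://dlptest.com/https-post/
File Path : C:\Temp\Test\Testdoc.xlsx
]
05/28/2024 16:09:09 | 5224 | INFO | CoreServices.MessageLogger | MESSAGETYPE_DETECTION_RESPONSE MESSAGESOURCE_DETECTION_CACHE 05/28/2024 14:09:09 [
Request Id #103943 SUCCESS prevent
Scan Time : 0 ms]
05/28/2024 16:11:30 | 5224 | INFO | CoreServices.MessageLogger | MESSAGETYPE_DETECTION_REQUEST MESSAGESOURCE_FILE_SYSTEM_CONNECTOR 05/28/2024 14:11:30 [
Request Id #103950
URL : https://dlptest.com/https-post/
File Path : C:\Temp\Test\Notes.txt
]
05/28/2024 16:11:30 | 5224 | INFO | CoreServices.MessageLogger | MESSAGETYPE_DETECTION_RESPONSE MESSAGESOURCE_DETECTION_CACHE 05/28/2024 14:11:30 [
Request Id #103950 SUCCESS no incidents
Scan Time : 0 ms]
"""

HEADER = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| .*MESSAGETYPE_DETECTION_")
# Matches "Request Id #N", "Request Id #N SUCCESS <verdict>" and "[req#N SUCCESS <verdict>]".
REQ_ID = re.compile(r"^\[?(?:Request Id #|req#)(\d+)(?: SUCCESS ([^\]]+?))?\]?$")
FIELD = re.compile(r"^(URL|File Path) : (.*)$")

def correlate(text):
    """Join each detection request with its response verdict by Request Id."""
    events, current, logged_at = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if (h := HEADER.match(line)):
            logged_at, current = h.group(1), None  # first timestamp on the header line
        elif (m := REQ_ID.match(line)):
            current = events.setdefault(m.group(1), {"verdict": None, "logged_at": logged_at})
            if m.group(2):
                current["verdict"] = m.group(2)
        elif current is not None and (f := FIELD.match(line)):
            current.setdefault(f.group(1), f.group(2))
    return events

def blocked_uploads(text):
    """Uploads the agent prevented; URL/path are None if the request block was not in the log."""
    return [(rid, e["logged_at"], e.get("URL"), e.get("File Path"))
            for rid, e in correlate(text).items() if e["verdict"] == "prevent"]

if __name__ == "__main__":
    print(blocked_uploads(SAMPLE_LOG))
```

A "prevent" entry whose URL and timestamp match the upload that showed "Server responded with 0 code" ties the website's message to the DLP block.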
The "Server responded with 0 code" message is generated by the website itself; it is not a DLP-generated message.
The site displayed "Server responded with 0 code" instead of the typical HTTP 500 error because the server did not receive the expected file upload: the DLP response rule had blocked the file from being sent.
Broadcom has no affiliation with the https://dlptest.com/ website and does not own it. If you encounter problems with the site or require further information, please contact the site owner via Contact - DLP Test, who may be able to assist you further.
Here is one discussion on the "0 code" topic which may interest you: Does an HTTP Status code of 0 have any meaning? (stackoverflow.com)