I have been testing the PS3 browser (NetFront) with embedded Flash components on a web page and there seems to be a rather serious bug with the way that any requests from Flash are issued. The browser is adding a referrer (referer) and so is the Flash player resulting in duplicate headers. This is actually OK if the referrer headers are the same, however they are not, and as a result the request is stopped by http.sys on W2k8. This is a major issue for me as I have a Flash component that needs to call web services in order to function.
Is there some way that we can filter or allow these requests through, possibly stripping the duplicate headers along the way.
Some solutions that we have thought of but are either suboptimal or not possible with our development and live environments are:
For reference the following request will reproduce the problem (copy and paste into Fiddler or other tool, I'm assuming you are running IIS7, W2K8 as we are). You should get a 400 Bad Request response.
GET / HTTP/1.1 Host: localhost Referer: http://localhost/NetFrontBrowser/ Referer: http://localhost/Flash/
Many thanks
stmedit from the Windows DDK "demonstrates replacing a string pattern for a Transmission Control Protocol (TCP) connection using the Windows Filtering Platform (WFP)".
A little bit of additional hackery turns it into an FSM which can dump all but the first referrer string.