OWASP O2 Platform Blog

Dealing with “The server committed a protocol violation. Section=ResponseStatusLine”

Today I had an O2 Platform user that had a problem where some of its scripts/UnitTest did not work when not routing the requests via the Fiddler web project.

When making the request directly we would receive a The server committed a protocol violation. Section=ResponseStatusLine .NET internal execption (which a Google Search will show it is quite common).

After a bit of  debug (and a couple O2 scripts later) I was able to track it down to the UseUnsafeHeaderParsing configuration setting which needs to be set to true (the defaulf is false)

There are two ways to set this UseUnsafeHeaderParsing value:

1) on the {exefile}.appconfig  settings file:

<httpWebRequest useUnsafeHeaderParsing = "true"/>

2) programatically

Action<bool> setUseUnsafeHeaderParsing =
   var settingsSection = "System".assembly().type("SettingsSectionInternal");
   var section =  settingsSection.prop("Section");
   var useUnsafeHeaderParsing  = section.field("useUnsafeHeaderParsing");
   "useUnsafeHeaderParsing = {0}".info(useUnsafeHeaderParsing);

 This script is also a good example of O2‘s powerful refection API.

Note for example how this code should look like (when using .NET Reflection APIs directly). Code snippet from http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/ff098248-551c-4da9-8ba5-358a9f8ccc57

public static bool SetAllowUnsafeHeaderParsing20()
   //Get the assembly that contains the internal class
  Assembly aNetAssembly = Assembly.GetAssembly(typeof(System.Net.Configuration.SettingsSection));
  if (aNetAssembly != null)
    //Use the assembly in order to get the internal type for the internal class
    Type aSettingsType = aNetAssembly.GetType("System.Net.Configuration.SettingsSectionInternal");
    if (aSettingsType != null)
      //Use the internal static property to get an instance of the internal settings class.
      //If the static instance isn't created allready the property will create it for us.
      object anInstance = aSettingsType.InvokeMember("Section",
      BindingFlags.Static | BindingFlags.GetProperty | BindingFlags.NonPublic, null, null, new object[] { });
      if (anInstance != null)
        //Locate the private bool field that tells the framework is unsafe header parsing should be allowed or not
        FieldInfo aUseUnsafeHeaderParsing = aSettingsType.GetField("useUnsafeHeaderParsing", BindingFlags.NonPublic | BindingFlags.Instance);
        if (aUseUnsafeHeaderParsing != null)
          aUseUnsafeHeaderParsing.SetValue(anInstance, true);
          return true;
  return false;

In fact, the O2 Script can be reduced further to:

Action<bool> setUseUnsafeHeaderParsing =

October 20, 2010 - Posted by | .NET


  1. […] a variation of Dealing with “The server committed a protocol violation. Section=ResponseStatusLine” here a number of scripts that show how to use O2′s refection API to gain access to internal […]

    Pingback by Using Reflection to (try to) set .NET default proxy settings « O2Platform.com for Developers | November 3, 2010 | Reply

  2. The .NET 2 version also works in .NET 4, although it’s more verbose.

    Thanks alot for the code! 🙂

    Comment by Dan Anos | February 11, 2011 | Reply

  3. So what was actually wrong with the header? Why not fix that problem instead of changing the app config?

    Comment by JK | June 29, 2011 | Reply

    • in this case h2 would had not been able to run the tests via a web proxy (i.e. fiddler)

      This script also shows how to dynamically change app.config settings (which is something I had been wanting to do for a while)

      Comment by o2platform | June 30, 2011 | Reply

  4. Another possibility: when doing a POST, the server responds with a 100 continue in an incorrect way.

    This solved the problem for me:

    request.ServicePoint.Expect100Continue = false;

    Comment by Online Classifieds | August 30, 2011 | Reply

  5. […] Enable/disable useUnsafeHeaderParsing. // See https://o2platform.wordpress.com/2010/10/20/dealing-with-the-server-committed-a-protocol-violation-se… public static bool ToggleAllowUnsafeHeaderParsing(bool enable) { //Get the assembly that contains […]

    Pingback by The server committed a protocol violation. Section=ResponseHeader Detail=CR must be followed by LF « Nurkartiko | January 31, 2013 | Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: