httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <>
Subject Re: mod_proxy changes
Date Mon, 27 May 1996 20:48:13 GMT
Robert S. Thau wrote:
> Well, here's the text of the requirement, from draft-03 of the HTTP/1.1
> spec:

Hmmm ... as you note below, the text is "confused". I'd actually call it wrong.

> In requests that they forward, proxies
> MUST NOT rewrite the "abs_path" part of a Request-URI in any way except
> as noted above to replace a null abs_path with "*". Illegal Request-URIs
> SHOULD be responded to with an appropriate status code. Proxies MAY
> transform the Request-URI for internal processing purposes, but SHOULD
> NOT send such a transformed Request-URI  in forwarded requests.

The SHOULD NOT here is overruled by the MUST NOT above, and so should be
excised as confusing.

>   The main reason for this rule is to make sure that the form of
>   Request-URI is well specified, to enable future extensions without
>   fear that they will break in the face of some rewritings. Another

If proxies MAY rewrite internally, this goal is not achieved.

>   is that one consequence of rewriting the Request-URI is that
>   integrity or authentication checks by the server may fail; since
>   rewriting MUST be avoided in this case, it may as well be
>   proscribed in general. Implementers should be aware that some pre-
>   HTTP/1.1 proxies do some rewriting.

This is "aware" in the sense of "curse every time a user complains", I take it?

> [ Note that the normative text in the first paragraph seems undecided
>   about whether rewriting is a SHOULD NOT (meaning that you can break
>   the rule and still claim conditional conformance) or a MUST NOT 
>   (meaning that any violation of the rule is beyond the pale), but in
>   any case, to the extent that this text does in fact reflect WG
>   consensus, it seems pretty clear that they think it's a bad idea. ]

I think this whole thing is wrong-headed. If we just said browsers MUST NOT
included any redundant path elements in a URI the whole problem evaporates.
Proxies then MAY rewrite if they feel like compensating for broken browsers (or
perhaps SHOULD [and so SHOULD servers], or even MUST). In fact, now I think of
it, doesn't the URI RFC say that rewriting is permitted (or even required)?

No doubt all sorts of crazies have claimed that they can't live without a
string of ../../.. in the middle of their extra-clever URIs, but isn't the
whole thing confusing enough without this kind of messing around?

Sigh. Am I going to have to join the WG and slug this out?



> rst

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email:
A.L. Digital Ltd,           URL:
London, England.

View raw message