httpd-dev mailing list archives

From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: arrrrgh!
Date Sun, 04 Aug 1996 12:27:17 GMT
Roy T. Fielding wrote:
> 
> >> I very carefully avoided placing any requirement on how the server
> >> should interpret the port number -- the only requirements are on how
> > 
> > No, it very explicitly says that the port number should, if not given,
> > be treated as 80. Yes, you are correct in that it doesn't say what the
> > server should *do* with that number, but it does say that. Which means
> > that if we *do* do port switching, or other things based on the port,
> > a Host: header with no port *must* be treated as 80 (or 443 for SSL
> > and 23 for telnet and 79 for gopher and so forth and so on), if we are
> > to be compliant with the spec.
> 
> Yes, but we don't *do* port switching -- we therefore have no business
> doing anything with the port in Host.  It cannot be used for access
> control and should not be given to CGI scripts, so why look at it at all?
> The spec only defines what it means when it is sent and when it is used --
> if it ain't used, we can't be non-compliant by ignoring it.  The spec
> does not require a server to allow (or even respect) a port switch,
> which is why the requirements on interpreting the requested resource
> are limited to the host name.  The only reason we would want to look at
> that port is if we *desired* port switching, but we already know that
> such a thing won't work until HTTP/1.0 is retired.

Seems to me that if we are going to refuse to port switch (as opposed to
ignoring the issue) then we must know what the port number is to be able to
refuse. This means that the absence of a port must be taken to mean port
80/443/whatever, and rejected when (in)appropriate.

Cheers,

Ben.

> 
> In any case, nobody is going to complain about the above being
> "non-compliant" -- I doubt that anyone outside our group would even
> consider it an issue.  Security is #1; Interoperability is #2;
> Extensibility is #3; everything else is small potatoes.
> 
> .....Roy

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.            Apache Group member (http://www.apache.org)
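
The check argued for in the reply above, as an added example that is not part of the original message and is not Apache code: a Host value with no port is taken to name the default port (80, or 443 for SSL), and the result is compared with the port the connection arrived on so that a mismatch can be refused. The function name, result codes and sample host are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes (hypothetical names, not Apache's). */
enum { HOST_OK = 0, HOST_MALFORMED = -1, HOST_PORT_MISMATCH = -2 };

/*
 * Work out the port a Host value names, treating a missing port as the
 * scheme default (80, or 443 for SSL), then compare it with the port the
 * connection was actually accepted on. *effective receives the port named.
 */
int host_port_check(const char *host, int is_ssl, int local_port, int *effective)
{
    const char *colon;
    char *end;
    long port;

    if (host == NULL || *host == '\0')
        return HOST_MALFORMED;
    if (host[0] == '[') {                 /* bracketed IPv6 literal */
        const char *rb = strchr(host, ']');
        if (rb == NULL || (rb[1] != '\0' && rb[1] != ':'))
            return HOST_MALFORMED;
        colon = rb[1] == ':' ? rb + 1 : NULL;
    } else {
        colon = strchr(host, ':');
    }
    if (colon == host)                    /* ":80" has no host name */
        return HOST_MALFORMED;
    if (colon == NULL) {
        port = is_ssl ? 443 : 80;         /* absent port means the default */
    } else {
        if (!isdigit((unsigned char)colon[1]))
            return HOST_MALFORMED;        /* digits only: no sign, no spaces */
        port = strtol(colon + 1, &end, 10);
        if (*end != '\0' || port < 1 || port > 65535)
            return HOST_MALFORMED;
    }
    *effective = (int)port;
    return port == local_port ? HOST_OK : HOST_PORT_MISMATCH;
}

int main(void)
{
    int p = 0;   /* constructed sample: plain-HTTP listener on port 8080 */
    printf("%d\n", host_port_check("www.example.com", 0, 8080, &p));
    printf("%d\n", host_port_check("www.example.com:8080", 0, 8080, &p));
    return 0;
}
```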
