Received: by taz.hyperreal.com (8.6.12/8.6.5) id KAA24425; Fri, 2 Aug 1996 10:26:25 -0700 Received: from arachnet.algroup.co.uk by taz.hyperreal.com (8.6.12/8.6.5) with SMTP id KAA24415; Fri, 2 Aug 1996 10:26:21 -0700 Received: from heap.ben.algroup.co.uk by arachnet.algroup.co.uk id aa17151; 2 Aug 96 18:25 BST Received: from gonzo.ben.algroup.co.uk by heap.ben.algroup.co.uk id aa16834; 2 Aug 96 17:43 BST Subject: Re: arrrrgh! To: new-httpd@hyperreal.com Date: Fri, 2 Aug 1996 17:38:11 +0100 (BST) From: Ben Laurie In-Reply-To: from "Alexei Kosut" at Aug 2, 96 09:59:04 am X-Mailer: ELM [version 2.4 PL24 PGP2] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 2466 Message-ID: <9608021738.aa21612@gonzo.ben.algroup.co.uk> Sender: owner-new-httpd@apache.org Precedence: bulk Reply-To: new-httpd@hyperreal.com Alexei Kosut wrote: > > On Fri, 2 Aug 1996, Ben Laurie wrote: > > [...] > > > Isn't this exactly what the BrowserMatch stuff is for? (Or whatever it was > > called). > > Sorta. It doesn't strike me as the most elegant solution, though. Several > reasons, but especially necause the Host: header is a header that actually > modifies the request. Connection:, which was the Netscape problem, has not > relevance on the actual request; it just modifies how the data is > transfered. > > What I'm getting at is that if we modify all the entities based on > the User-Agent string, and allow caching of them (unless you wanted to > deny caching of *all* documents the server sent...), then proxy servers > can really screw up the whole concoction. Hmmm ... not sure. How does the Host: header mesh with proxies? Like, do proxies pass it on unmodified, or generate their own? > > It seems a better idea, then, to either change the semantics of how Apache > handles the Host: header, even though it's not as per spec (*sigh*... > Roy?), or get MSIE to change. I don't see that we can change the handling unless we change the spec, too... on the other hand, come to think of it, it would be a very strange browser that connected on a port other than 80 and the expected the server to (virtually) connect it to port 80 because it had send a Host: saying so. BTW, the more I think about these virtual port connections the less I like them. If a browser wants to connect on port 1234 instead of 80 it would surely do a connect directly to 1234 and not connect to 80 then send a Host: header? So, it seems to me that the facility is only useful for crackers who wish to bypass firewall port filtering... > > Which might be possible; it's still in beta, no? I know MSIE claims to > like standards... Hmm. I filled out a bug report, and sent it in. We'll > see. If we disallowed port changes then the MSIE behaviour would be rejected on all ports other than 80... that might get their attention... Cheers, Ben. > > -- Alexei Kosut The Apache HTTP Server > http://www.nueva.pvt.k12.ca.us/~akosut/ http://www.apache.org/ > > -- Ben Laurie Phone: +44 (181) 994 6435 Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director Email: ben@algroup.co.uk A.L. Digital Ltd, URL: http://www.algroup.co.uk London, England. Apache Group member (http://www.apache.org)