httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: official Apache response to AOLs latest mail
Date Sun, 22 Dec 1996 05:21:09 GMT

I would agree with other comments about this mail. Looks good
otherwise.

I don't know if it would be worth noting how many downloads we
have had on 1.2 beta and point out our expected release schedule?
Subtle?


> We need to send AOL an official response to the mail I forwarded
> from George Boyce last night.  I'd suggest the following, but am
> happy for someone else to redraft it if it's not to everyone's liking.
> 
> -=-=-
> 
> Dear Mr Boyce and AOL's web support team,
> 
> 	I am writing on behalf of the Apache Group in response to your
> email of December 20th. The Apache Group is comprised of dozens of volunteer
> developers from all over the world contributing a variety of skills for
> the purpose of providing a free HTTP server product to the web community.
> 
> 	The Apache HTTP server software is used by over 40% of web sites
> because it delivers a free product that many believe to be far superior to
> expensive commercial alternative. It is safe to say that without Apache,
> the web would not be as large and exciting as it is today. So it is
> with great disappointment that we now find our efforts being undermined by
> an action taken by AOL which we can only interpret as political since it
> has no technical merit.
> 
> 	We are of course referring to AOL's decision to block HTTP/1.1
> servers from communicating with AOL users. The Group were frankly astonished
> by AOL's decision and the sudden unannounced way in which it was implemented.
> >From your belated response to numerous requests for an explanation we
> are left with the following analysis: AOL HAS FAILED TO KEEP UP WITH
> DEVELOPMENTS IN THE HTTP PROTOCOL AND OUT OF FEAR OF THE UNKNOWN  HAS CHOSEN
> TO VIOLATE THE BASIC RULES BY WHICH THE WWW OPERATES, UNTIL IT HAS HAD
> TIME TO INVESTIGATE THE IMPLICATIONS OF THE LATEST HTTP ENHANCEMENTS.
> 
> 	To our knowledge, at no time before or after AOL's policy change
> did AOL representatives approach the Apache Group or the HTTP Working Group
> to inform them of the decision or to confirm that their actions were
> either necessary, productive or indeed compliant with the protocols to
> which AOL claims to comply.
> 
> 	In your letter you ask that we consider changing Apache to respond
> to HTTP/1.0 client requests with a HTTP/1.0 version identifier. This is
> simply unacceptable and unnecessary. Prior to AOL's change of policy its
> software had no trouble dealing with tens of millions of HTTP/1.1 responses
> generated by hundreds of Apache servers. We'd like to make it quite clear
> that Apache will continue to send HTTP/1.1 identification in its responses
> to HTTP/1.0 client requests since failure to do so will result in years
> worth of research and development work going to waste.
> 
> 	Apache 1.2 is compliant with the HTTP/1.1 specification. The AOL
> software that is refusing to accept the HTTP/1.1 responses are in defiance
> of the HTTP/1.0 specification to which they claim to comply.
> 
> 	At this stage we are totally frustrated at AOL and are in no
> mood to humor you with a compromise. AOL's actions and reactions has been
> outrageous and damaging both to AOL users and those of us trying to provide
> them with services. We strongly request that you rectify this problem
> immediately and inform AOL users affected by the problem that contrary to
> what they have been led to believe by AOL proxy responses and by misinformed
> AOL support staff, the problem was AOL's and that AOL apologizes to them
> and to the server operators for the unnecessary interruption.
> 
> 	To reiterate, Apache's behavior is correct, the Apache Group will
> not downgrade its software to cater to AOL software that has been
> deliberately engineered to misbehave.
> 
> 	We look forward to your prompt reply.
> 
> 			Sincerely,
> 		
> 			The Apache Group.
> 
> -=-=-=-=-=
> 
> 
> 
> > Hi,       
> > 
> > I am responsible for the operation of the AOL web access service.
> > 
> > Last week my development team gave me a new version of our system. Among the 
> > changes was a "fix" to allow connections only from HTTP/1.0 compliant servers. 

> > There are at least four issues with this fix...
> > 
> > 1. We should not have installed code which changes the behaviour of the service
> > without a discussion of the changes. We should have seen the other problems
> > coming and taken responsible action to minimize the impact. I think development
> > agrees with me but only time will tell.
> > 
> > 2. We discovered a bug in this code which sometimes incorrectly identified the
> > type of headers being returned. A fix for this will be installed as soon as
> > possible.
> > 
> > 3. We have not supported HTTP/0.9 for a while so that was no change.
> > 
> > 4. But a recent version of the apache server does send HTTP/1.1 headers even
> > when contacted by a HTTP/1.0 browser and proxy. After careful thought and loud
> > debate, I lost, and we consider this to be inconsistent with the HTTP/1.0 spec.
> > We also consider our error message to be consistent with the HTTP/1.1 spec,
> > though our service is certainly not HTTP/1.1 compliant, and of course it isn't
> > very friendly to our members.
> > 
> > The 1.0 spec doesn't allow the server to respond with a 1.1 response:
> > 
> > http://www.w3.org/pub/WWW/Protocols/HTTP/1.0/spec.html
> > <<
> > HTTP/1.0 servers must:
> > ...
> >      respond appropriately with a message in the same protocol version used by
> > the client.
> > >>
> > 
> > And our proxy is responding with an error as even the 1.1 spec allows.
> > 
> > http://www.w3.org/pub/WWW/Protocols/HTTP/1.1/draft-ietf-http-v11-spec-07.txt
> > <<
> > Since the protocol version indicates the protocol capability of the sender, a
> > proxy/gateway MUST never send a message with a version indicator which is
> > greater than its actual version; if a higher version request is received, the
> > proxy/gateway MUST either downgrade the request version, respond with an error,
> > or switch to tunnel behavior.
> > >>
> > 
> > In the spirit of making things work, our development team will work on a way to
> > downgrade HTTP/1.1 requests and responses to HTTP/1.0. Until then, would you
> > folks consider having your server respond to HTTP/1.0 requests with HTTP/1.0
> > replies?
> > 
> > Looking forward to your reply. We certainly want the AOL web access service to
> > work with the apache server. Please don't listen to those few who yell at AOL
> > for all of our screwups in the past and future. We generally had a reason for
> > most of them; it is really difficult to run a reliable service for this many
> > people.
> > 
> > George
> > 
> > --
> > George Boyce
> > Director, AOL/GNN Internet Ops, 703.453.4152, Fax: 453.4013, grboyce@aol.net
> > 




Mime
View raw message