httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <>
Subject Re: HTTP/1.1 header problem
Date Mon, 23 Dec 1996 04:52:19 GMT

(sending this to new-httpd separately since the word "svbscribe" was in
the top part of the message accidentally)


Hi George.  I'm sending this mail to both you and the Apache development list
(which you are invited to join -, "svbscribe new-httpd",
etc). I think there is a very simple fix for this issue. 

> Date: Fri, 20 Dec 1996 16:22:18 -0800
> From: George Boyce <>
> To:
> Subject: HTTP/1.1 header problem
> And our proxy is responding with an error as even the 1.1 spec allows.
> <<
> Since the protocol version indicates the protocol capability of the sender, a
> proxy/gateway MUST never send a message with a version indicator which is
> greater than its actual version; if a higher version request is received, the
> proxy/gateway MUST either downgrade the request version, respond with an error,
> or switch to tunnel behavior.
> >>

The big issue for you, I believe, is "downgrading" an HTTP/1.1 response to
HTTP/1.0 in line with this consideration.  For the 1.0 proxy receiving any 1.x
response, it is as easy as changing the first line of the response from 1.1 to
1.0.  The 1.1 spec guarantees that the 1.1 response to a 1.0 proxy will not
contain any headers which could cause problems.  If it were a 1.1 proxy it may
get something only 1.1 agents can understand, such as chunked transfer codings
or the 100 Continue response, but in this case it is safe. 

Remember, this is all we would be doing in Apache were we to hack this change
into our server.

If this is not the case, if your team has evidence of other headers or behavior
in HTTP/1.1 which a simple version number switch wouldn't fix, please let's
talk about it, as this would probably be news to the HTTP IETF working group as
well, and those would be seen as errors to the 1.1 spec which could be
documented in a later RFC.  It would certainly run counter to the spirit of the
1.1 spec.

> In the spirit of making things work, our development team will work on a way to
> downgrade HTTP/1.1 requests and responses to HTTP/1.0. Until then, would you
> folks consider having your server respond to HTTP/1.0 requests with HTTP/1.0
> replies?

Some people have hacked their servers to do this.  We may provide a set of
configuration directives and a short patch to the source code to do this.  It's
not been as easy as we thought to do this in an easily configurable way, though
that may change.  But it's unlikely we'd put a hack in any released version of
the server - this is actually not as easy as it might sound, and would require
more extensive changes, since our generic header-matching engine happens after
a couple other key functions which would also need to be modified to support

> Looking forward to your reply. We certainly want the AOL web access service to
> work with the apache server. Please don't listen to those few who yell at AOL
> for all of our screwups in the past and future. We generally had a reason for
> most of them; it is really difficult to run a reliable service for this many
> people.

I absolutely appreciate that.  Developing complex software to work in a
heterogenous environment is very difficult - which is why Apache has been so
great to work on, since a change or fix can be very quickly tested across a
wide array of environments and situations.  

Anyways, we look forward to resolving this issue - we've held off on being much
louder than we have only because we knew there would be reasonable folks on
your end and we could talk this through, and I'm glad to see this is the case.

	Brian, Apache Group member

p.s. - I will be on vacation for two weeks starting Monday; if you respond to
the address in the Cc: field the other developers around during the holidays
would be happy to carry on the conversation.


View raw message