httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject UseCanonicalName Off *surprise*
Date Fri, 19 Dec 2003 16:04:15 GMT
In both Apache 1.3 and 2.0 the UseCanonicalName doesn't work quite as it's
documented.  The question would be, do we fix it or document it...

When requesting a document that results in a redirection (directory not
decorated by a trailing backslash, etc) the redirected server name doesn't
actually conform to the Host header provided by the client...

UseCanonicalName On
UseCanonicalName Off, but the Host: header was missing (e.g. HTTP/1.0)

  In 1.3 - the host's {ServerName}:{Port} is returned.
  In 2.0 - the host {Servername} is returned (must include port suffix).

there were no surprises there.

UseCanonicalName Off, Host: header provided (HTTP/1.1)

  The host name header *excluding the host header port suffix * of the request 
  is concatenated to httpd 1.3's Port directive setting or the real port number
  in httpd 2.0.  

Now this might appear to be a moot issue, but if a proxy that doesn't mangling
headers bounces requests from port 80 to another server's port 8080 attempting
to impersonate the front end proxy, everything should work, in theory, with
UseCanonicalName Off.  As it turns out, UseCanonicalName must be turned
on to avoid the port :8080 suffix from being appended to the redirects.

Host headers (from my usual clients) do appear in the form 
Host: localhost:8080 
when the request http://localhost:8080/ is sent.  UseCanonicalName Off docs
state outright that we use the Host: header provided by the client.  The example
above shows that we do not.  But if we correct the behavior, instead of the docs,
then perhaps users will commonly end up with broken configs.

So I'm wondering what the consensus is - fix the docs, or the behavior?


View raw message