Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BC577D302 for ; Thu, 8 Nov 2012 10:39:33 +0000 (UTC) Received: (qmail 851 invoked by uid 500); 8 Nov 2012 10:39:33 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 562 invoked by uid 500); 8 Nov 2012 10:39:32 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 532 invoked by uid 99); 8 Nov 2012 10:39:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Nov 2012 10:39:31 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [188.40.99.202] (HELO eru.sfritsch.de) (188.40.99.202) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Nov 2012 10:39:26 +0000 Received: from stf (helo=localhost) by eru.sfritsch.de with local-esmtp (Exim 4.72) (envelope-from ) id 1TWPVo-0007BA-KC for dev@httpd.apache.org; Thu, 08 Nov 2012 11:39:04 +0100 Date: Thu, 8 Nov 2012 11:39:04 +0100 (CET) From: Stefan Fritsch X-X-Sender: stf@eru.sfritsch.de To: dev@httpd.apache.org Subject: Re: svn commit: r1406719 - in /httpd/httpd/trunk: CHANGES docs/log-message-tags/next-number include/http_core.h server/core.c server/protocol.c In-Reply-To: <96739BDD-157A-474A-8190-6AFEC2D4524E@sharp.fm> Message-ID: References: <20121107165638.E37E223888E4@eris.apache.org> <96739BDD-157A-474A-8190-6AFEC2D4524E@sharp.fm> User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Checked: Checked by ClamAV on apache.org On Wed, 7 Nov 2012, Graham Leggett wrote: > On 07 Nov 2012, at 8:12 PM, Stefan Fritsch wrote: > >> Any suggestions for a syntax? Maybe: >> >> HttpProtocol 1.1 # only 1.1 >> HttpProtocol 1.0- # 1.0 and above >> HttpProtocol 1.0-1.1 # 1.0 and 1.1 >> HttpProtocol -1.0 # 1.0 and below >> >> We could then still add additional flags like +/- strict. > > The "-" in front of something means "switch this off" in other > directives, I suspect it might cause confusion. I have already used a similar syntax in RequestReadTimeout. But do you think it would be clearer to require two numbers: HttpProtocol 0.0-1.0 # 1.0 and below HttpProtocol 1.0-10.100 # 1.0 and above The upper limit would be rather arbitrary. Of course, I don't see HTTP/2.x arriving any time soon. > Would it make sense to try use globbing (apr_fnmatch)? Perhaps multiple > options separated by commas, or an ITERATE separated by spaces? > > HttpProtocol * # any version > HttpProtocol 1.1 # only 1.1 > HttpProtocol 1.* # 1.0 and above > HttpProtocol 1.0,1.1 # 1.0 and 1.1 > HttpProtocol 0.*,1.0 # 1.0 and below A list of allowed versions would be somewhat more complex to implement, because it would require space in core_server_config to store a list (e.g. with an apr_array) and we would need to iterate that list when checking the request. Only having a minimum and maximum value seems like a less over-engineered solution. Alternatively, if we use a list, then we could limit ourselves to the three versions actually in use and not support arbitrary values. Not sure if that is a future-proof solution. > RFC2616 defines the version as follows: > > HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT > > We could potentially also add a check to make sure that "DIGIT" part is > checked to be actual digits, and reject it otherwise. In the received request? Yes, I think I had that one on my list already.