www-apache-bugdb mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: protocol/1454: Apache doesn't always understand requests with the absoluteURI in them
Date Sat, 22 Nov 1997 22:10:00 GMT
The following reply was made to PR protocol/1454; it has been noted by GNATS.

From: Dean Gaudet <dgaudet@arctic.org>
To: Anand Kumria <wildfire@progsoc.uts.edu.au>
Cc: apbugs@apache.org
Subject: Re: protocol/1454: Apache doesn't always understand requests with the absoluteURI in them
Date: Sat, 22 Nov 1997 14:08:16 -0800 (PST)

 On 22 Nov 1997, Anand Kumria wrote:
 
 >  1. Is it an absoluteURI? Yes? Cool, we ignore a Host: header, if *any*
 >  ("Any host header field value in the request MUST be ignored.") and use
 >  what was specified in the absoluteURI.
 
 This is how it works ...
 
 >  I think this makes Apache more robust ("Be liberal in what you receive, be
 >  conservative in what you send"). However it is hard to argue the point
 >  properly without seeing an accept grammar for HTTP/1.1, but the Apache
 >  team seems fortunate enough to have one of the document authors (R.
 >  Fielding) on your team, perhaps he can provide more insights.
 
 "Be liberal in what you receive, be conservative in what you send" does
 not really apply to this situation.  Client authors would be foolish to
 not test their HTTP/1.1 clients against Apache 1.2.x; given that it has
 such widespread usage.  When they do test them as such they will discover
 that they really do have to follow section 9:
 
    The Host request-header field (section 14.23) MUST accompany all
    HTTP/1.1 requests.
 
 and section 14.23: 
 
    A client MUST include a Host header field in all HTTP/1.1 request
    messages on the Internet (i.e., on any message corresponding to a
    request for a URL which includes an Internet host address for the
    service being requested). If the Host field is not already present,
    an HTTP/1.1 proxy MUST add a Host field to the request message prior
    to forwarding it on the Internet. All Internet-based HTTP/1.1 servers
    MUST respond with a 400 status code to any HTTP/1.1 request message
    which lacks a Host header field.
 
 Given that it's stated twice in the standard there really is no excuse. 
 
 >  As I have tried to explain above the rules for processing requests don't
 >  consider the absence of the Host: header until rule 3. Apache is rejecting
 >  the document too early in its request parsing process.
 
 That's irrelevant and wrong.  If you look at the code flow you will
 discover in http_main that read_request() is called before
 process_request(), and you'll see that read_request() does the absURI and
 Host: processing, and that process_request() does the rejection due to
 absence of Host: header.  So we are following the standard.  (Although
 there is a comment in the code which is a bit misleading, I'm about to go
 correct it.)
 
 Dean
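
The two-stage ordering described in this reply, as an added example that is not part of the original message and is not Apache's code: the host is resolved first (an absoluteURI overrides any Host value), and only afterwards is an HTTP/1.1 request without a Host header field rejected with 400. The function names mirror those mentioned in the message, but their bodies, the `handle` helper, the use of 200 to mean "continue processing", and the sample requests are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def read_request(raw: bytes) -> dict:
    """Stage 1: parse the request line and headers, then resolve the host."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if target.lower().startswith("http://"):
        # absoluteURI: the host comes from the URI and any Host value is ignored.
        parts = urlsplit(target)
        host, path = parts.netloc, parts.path or "/"
    else:
        host, path = headers.get("host"), target
    return {"method": method, "version": version, "path": path,
            "host": host, "has_host_header": "host" in headers}

def process_request(req: dict) -> int:
    """Stage 2: apply the section 14.23 rule once the host is already resolved."""
    # The quoted rule covers HTTP/1.1 requests only, so HTTP/1.0 is not rejected here.
    if req["version"] == "HTTP/1.1" and not req["has_host_header"]:
        return 400
    return 200  # assumption: 200 stands for "continue normal processing"

def handle(raw: bytes):
    """Hypothetical driver: run both stages in the order the message describes."""
    req = read_request(raw)
    return process_request(req), req["host"]

# Constructed sample requests (not taken from the bug report).
SAMPLES = {
    "absURI, conflicting Host": b"GET http://www.example.com/a HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
    "absURI, no Host": b"GET http://www.example.com/a HTTP/1.1\r\n\r\n",
    "relative, with Host": b"GET /a HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "HTTP/1.0, no Host": b"GET /a HTTP/1.0\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {handle(raw)}")
```

The second sample is the case under dispute in the PR: the absoluteURI supplies a usable host, yet the request is still answered with 400 because the Host header field itself is absent.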
 
 
