Re: Re: Apache httpd does not respect the HTTP RFCs !

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Covener wrote:
On Sat, Nov 28, 2009 at 7:23 PM, Carsten Wiedmann <carsten_sttgt@xxxxxx> wrote:
André Warnier schrieb:
So how do you enumerate invalid hosts explicitly then ?
Right, it's a little bit curious, that you can't set 400 with mod_rewrite
(or header), only 403 (or 410).

In 2.2.x you can probably use  [R=400]

My original post was more like a jest or a provocation, rather than a real question. But is is interesting to see how in the end, a document such as RFC2616 which is meant to "specify" a relatively strict set of rules, and of which I am sure the phrasing is examined carefully and repeatedly (it being after all a revision of an earlier document on the same topic), still leaves areas open to interpretation, or downright inconsistent. What is for example, in this case, a hostname which is /invalid/ on this host ? If the request reached this host, then it must be that for the DNS system, the hostname resolved to one of this physical host's IP addresses. In that sense, any HTTP request which reaches the host could be deemed to address a valid hostname. Yet the HTTP server listening on that host (and port), may be configured to accept requests for several specific hostnames, but not the one mentioned in the request. In that sense, Apache's defaulting to a "default" host whose name does not match the request hostname would be in contravention of the RFC. Yet by the same token, Apache's defaulting to the default host and accepting the request, would seem to make the request's hostname "valid", since the request is accepted. So basically, the HTTP RFC obliges the server to send a 400 response for an invalid host, but what is an invalid host is decided by the server.
Kind of circular as far as arguments go.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux