mån 2007-03-12 klockan 19:44 -0400 skrev Chris Nighswonger: > > - ECN > > - Window Scaling > > - Forgetting Vary > > - Mixing up ETag (same ETag on multiple incompatible entities) > > - Various malformed responses > > * Double content length > > * Malformed headers > > * Repeated single-value headers > > If I knew more about the structure of these items I'd give it a whirl. The first two is TCP/IP related. Detection is done by trying to communicate with the server both with and without the feature enabled. The rest is HTTP protocol: Forgetting Vary: Many servers forget to emit a "Vary: accept-encoding" header in gzip:ed responses. Tested by sending requests with and without "Accept-Encoding: gzip" and comparing the results. If Content-Encoding of the responses differ but Accept-Encoding isn't mentioned in vary then the server is broken. Badly broken if the Vary is missing on the gzip:ed variant. Note: always responding with gzip is ok, even without vary. Mixing up ETag: Effectively the same test as above, but comparing the ETag header of the responses. If Content-Encoding differs but ETag is the same the server is broken. Double content length: Server response has more than one content-length header. Critical if the value differs. Malformed headers: Server response contains various crap mixed with the response headers. Have seen for example various system error messages etc.. (i.e. "Failed to open ...."). A well formed HTTP header follows the pattern ^[A-Za-z][-A-Za-z0-9]*:.* and anything in the headers not matching this is malformed. Technically a few more characters is allowed in the header name, but all known headers follow this pattern. Repeated single-value headers: The exact same test as for content-length, but for other less critical HTTP headers specified as single-valued not allowing more than one value. I.e. Content-Type, Content-Encoding, ETag, Date, etc. Regards Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
