On Wed, 7 Nov 2012, Tim Bannister wrote:
On 7 Nov 2012, at 18:12, Stefan Fritsch wrote:
On Wed, 7 Nov 2012, Graham Leggett wrote:
New directive HttpProtocol which allows to disable HTTP/0.9 support.
It feels wrong targeting 0.9 only, would it be possible to do this in a generic
way, say by listing the ones accepted, or by specifying a minimum?
Any suggestions for a syntax? Maybe:
HttpProtocol 1.1 # only 1.1
HttpProtocol 1.0- # 1.0 and above
HttpProtocol 1.0-1.1 # 1.0 and 1.1
HttpProtocol -1.0 # 1.0 and below
Does it need its own directive? How about a new environment variable and
Require:
Require expr %{HTTP_PROTOCOL} -gt 1.1
I realise that won't work as things stand, because -gt only handles integers.
Maybe another binary operator could allow decimals?
NB. SERVER_PROTOCOL would not be suitable because the initial “HTTP/” makes it
harder to do math.
I would prefer a dedicated directive: If you use authorization for that,
you have to take care that it is not overriden by per-directory authz
directives. Also, while evaluating an ap_expr is faster than e.g. using
mod_lua, it is still a relatively complex operation. And I expect a lot of
admins would like to disable 0.9, so having a way that has only minimal
impact on performance would be better. Finally, I am not 100% sure that
there are no code paths that cause a HTTP/0.9 error response to be sent
before the Requrire or <If> is executed. The dedicated directive is
certain to catch all uses of HTTP/0.9.
