ID: 42779 User updated by: aya at eh dot org -Summary: Non-standards-compliant change in 'Connection' HTTP response header Reported By: aya at eh dot org Status: Open -Bug Type: Output Control +Bug Type: Apache2 related -Operating System: Linux +Operating System: Any PHP Version: 5.2.1 New Comment:
Updated bug category, summary, and OS. Previous Comments: ------------------------------------------------------------------------ [2007-09-28 14:58:48] aya at eh dot org After having done some more research, I think I've found the problem. I believe it was introduced in PHP v5.2.1 in sapi/apache2handler/sapi_apache2.c revision 1.57.2.10.2.8 as part of the fix for bug #38602. It's reasonable to downgrade the protocol version to HTTP/1.0 upon receiving a header beginning with "HTTP/1.0 ", but upgrading the protocol version to HTTP/1.1 upon receiving a header beginning with "HTTP/1.1 " is wrong. If an HTTP/1.1 webserver receives an HTTP/1.0 request, it should respond with a header beginning with "HTTP/1.1 " to indicate to the client that it is capable of processing HTTP/1.1 requests, BUT the following response should still be an HTTP/1.0 response. The section of the code which reads... /* httpd requires that r->status_line is set to the first digit of * the status-code: */ if (sline && strlen(sline) > 12 && strncmp(sline, "HTTP/1.", 7) == 0 && sline[8] == ' ') { ctx->r->status_line = apr_pstrdup(ctx->r->pool, sline + 9); ctx->r->proto_num = 1000 + (sline[7]-'0'); if ((sline[7]-'0') == 0) { apr_table_set(ctx->r->subprocess_env, "force-response-1.0", "true"); } else { apr_table_set(ctx->r->subprocess_env, "force-response-1.1", "true"); } } ...should have the 'else' clause removed. ------------------------------------------------------------------------ [2007-09-27 16:40:58] aya at eh dot org Description: ------------ There seems to have been a change in the 'Connection' output header for HTTP/1.0 requests somewhere between PHP v5.2.0 and PHP v5.2.3. IIRC, according to the relevant RFCs, When processing an HTTP/1.0 request, the server should respond with an HTTP/1.1 response line if it supports HTTP/1.1, but the entity headers should be compatible with HTTP/1.0. A simple "GET / HTTP/1.0" to a PHP page in v5.2.0 returns... HTTP/1.1 200 OK Connection: close ...other stuff... ...and then closes the connections as soon as the entity has been sent. However, the same request in v5.2.3 returns... HTTP/1.1 200 OK ...other stuff... ...and then waits for another request, without sending a "Connection: keep-alive" header. This is the correct behaviour for an HTTP/1.1 request, but not an HTTP/1.0 request. In practise, this change prevents apachebench from working correctly against PHP scripts. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=42779&edit=1