ID: 42779
User updated by: aya at eh dot org
-Summary: Non-standards-compliant change in 'Connection' HTTP
response header
Reported By: aya at eh dot org
Status: Open
-Bug Type: Output Control
+Bug Type: Apache2 related
-Operating System: Linux
+Operating System: Any
PHP Version: 5.2.1
New Comment:
Updated bug category, summary, and OS.
Previous Comments:
------------------------------------------------------------------------
[2007-09-28 14:58:48] aya at eh dot org
After having done some more research, I think I've found the problem. I
believe it was introduced in PHP v5.2.1 in
sapi/apache2handler/sapi_apache2.c revision 1.57.2.10.2.8 as part of the
fix for bug #38602.
It's reasonable to downgrade the protocol version to HTTP/1.0 upon
receiving a header beginning with "HTTP/1.0 ", but upgrading the
protocol version to HTTP/1.1 upon receiving a header beginning with
"HTTP/1.1 " is wrong.
If an HTTP/1.1 webserver receives an HTTP/1.0 request, it should
respond with a header beginning with "HTTP/1.1 " to indicate to the
client that it is capable of processing HTTP/1.1 requests, BUT the
following response should still be an HTTP/1.0 response.
The section of the code which reads...
/* httpd requires that r->status_line is set to the first digit of
* the status-code: */
if (sline && strlen(sline) > 12 && strncmp(sline, "HTTP/1.", 7) ==
0 && sline[8] == ' ') {
ctx->r->status_line = apr_pstrdup(ctx->r->pool, sline + 9);
ctx->r->proto_num = 1000 + (sline[7]-'0');
if ((sline[7]-'0') == 0) {
apr_table_set(ctx->r->subprocess_env, "force-response-1.0",
"true");
} else {
apr_table_set(ctx->r->subprocess_env, "force-response-1.1",
"true");
}
}
...should have the 'else' clause removed.
------------------------------------------------------------------------
[2007-09-27 16:40:58] aya at eh dot org
Description:
------------
There seems to have been a change in the 'Connection' output header for
HTTP/1.0 requests somewhere between PHP v5.2.0 and PHP v5.2.3.
IIRC, according to the relevant RFCs, When processing an HTTP/1.0
request, the server should respond with an HTTP/1.1 response line if it
supports HTTP/1.1, but the entity headers should be compatible with
HTTP/1.0.
A simple "GET / HTTP/1.0" to a PHP page in v5.2.0 returns...
HTTP/1.1 200 OK
Connection: close
...other stuff...
...and then closes the connections as soon as the entity has been
sent.
However, the same request in v5.2.3 returns...
HTTP/1.1 200 OK
...other stuff...
...and then waits for another request, without sending a "Connection:
keep-alive" header. This is the correct behaviour for an HTTP/1.1
request, but not an HTTP/1.0 request.
In practise, this change prevents apachebench from working correctly
against PHP scripts.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=42779&edit=1
