Re: A question for the protocol gurus...
Roy T. Fielding wrote: It can fail however it likes -- transparent gateways are not allowed in HTTP. Once you violate the protocol, you are doomed to any number of unspecified workarounds that will ultimately fail outside the common case. Makes sense. Regards, Graham -- - [EMAIL PROTECTED]There's a moon over Bourbon Street tonight... smime.p7s Description: S/MIME Cryptographic Signature
Re: A question for the protocol gurus...
Roy T. Fielding wrote: On Tue, Jan 29, 2002 at 09:25:24PM -0500, Chuck Murcko wrote: So as Graham said proxy should reply 501 or 505 right? It doesn't matter -- HTTP/0.9 responses don't have error codes. You just have to return an HTML page that tells the user to get out of their rocking chair and upgrade the client application to a modern version of HTTP. But in theory this could also happen with HTTP/1.0 if a client asks for /blah and doesn't include a host header - in this case the gateway has no way of figuring out who to connect to, and must fail as I understand it with 505 Upgrade Dammnit. Am I right? Regards, Graham -- - [EMAIL PROTECTED]There's a moon over Bourbon Street tonight... smime.p7s Description: S/MIME Cryptographic Signature
Re: A question for the protocol gurus...
But in theory this could also happen with HTTP/1.0 if a client asks for /blah and doesn't include a host header - in this case the gateway has no way of figuring out who to connect to, and must fail as I understand it with 505 Upgrade Dammnit. Am I right? It can fail however it likes -- transparent gateways are not allowed in HTTP. Once you violate the protocol, you are doomed to any number of unspecified workarounds that will ultimately fail outside the common case. Roy
Re: A question for the protocol gurus...
On Tue, Jan 29, 2002 at 09:25:24PM -0500, Chuck Murcko wrote: So as Graham said proxy should reply 501 or 505 right? It doesn't matter -- HTTP/0.9 responses don't have error codes. You just have to return an HTML page that tells the user to get out of their rocking chair and upgrade the client application to a modern version of HTTP. Roy
Re: A question for the protocol gurus...
Graham Leggett wrote: On the proxy list there is talk of support for transparent-proxy behaviour, and the question has come up what about HTTP/0.9?. Am I correct in saying it is not possible to find the destination server if the protocol is v0.9 or v1.0, and there is no host header, and there is no complete URL in the request (ie http://server.name/blah instead of just /blah)? Or is there some trick to do this? Let me add one more important detail: It is assumed that the packets were manipulated by a DNAT engine (such as iptables) to reach the proxy on this host, rather than just passing this host on their way to the original hosts. So I don't think it is possible to look at the destination IP address (unless the original one is kept somewhere else in the packets...) -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: A question for the protocol gurus...
On Wed, Jan 30, 2002 at 12:35:58AM +0200, Graham Leggett wrote: On the proxy list there is talk of support for transparent-proxy behaviour, and the question has come up what about HTTP/0.9?. Am I correct in saying it is not possible to find the destination server if the protocol is v0.9 or v1.0, and there is no host header, and there is no complete URL in the request (ie http://server.name/blah instead of just /blah)? Or is there some trick to do this? When transparent proxying you use a trick (usually a special in-kernel firewall config) to accept connections to any IP address, and you use the destination address of the connection to determine which upstream server to forward the request to. The only time you get a complete URL in the request is if the browser is configured to use a proxy, which is not the case for transparent proxying (unless you are putting the transparent proxy in front of a proxy, but that's mad). Tony.
Re: A question for the protocol gurus...
On the proxy list there is talk of support for transparent-proxy behaviour, and the question has come up what about HTTP/0.9?. Am I correct in saying it is not possible to find the destination server if the protocol is v0.9 or v1.0, and there is no host header, and there is no complete URL in the request (ie http://server.name/blah instead of just /blah)? Or is there some trick to do this? It is not possible to use a proxy with HTTP/0.9. It is possible to use a gateway, so those requests should be interpreted as local paths. A transparent proxy is a gateway (that transparent-proxy term is bogus and should not be used by us). Roy
Re: A question for the protocol gurus...
So as Graham said proxy should reply 501 or 505 right? Chuck On Tuesday, January 29, 2002, at 05:47 PM, Roy T. Fielding wrote: On the proxy list there is talk of support for transparent-proxy behaviour, and the question has come up what about HTTP/0.9?. Am I correct in saying it is not possible to find the destination server if the protocol is v0.9 or v1.0, and there is no host header, and there is no complete URL in the request (ie http://server.name/blah instead of just /blah)? Or is there some trick to do this? It is not possible to use a proxy with HTTP/0.9. It is possible to use a gateway, so those requests should be interpreted as local paths. A transparent proxy is a gateway (that transparent-proxy term is bogus and should not be used by us). Roy