On Wed, 2002-08-28 at 17:05, Ignacio J. Ortega wrote: > > De: Ryan Lubke [mailto:[EMAIL PROTECTED]] > > Enviado el: 28 de agosto de 2002 20:29 > > Para: Tomcat Developers List > > Asunto: RE: Spec question: RE BUG 12052 > > > > > > > > > The port MUST be the one in the Host Header if one is > > present,and should > > > be present if the request is HTTP1.1 compliant, > > > > > What if the Host header is supplied, but the value is empty. > > This seems > > legal per section 14.23 of the HTTP/1.1 RFC? > > > > > > 1) For me after ( another ) reading of rfc2616, from the point you named > and following the references given there, i've found that in 5.2 seems > to say that a empty Host: header must be responded by 400 because empty > it is not a valid Host name..
But an empty host header does have a meaning, i.e. the target resource is being identified via an IP address and not a host name. I'm reading this that if the host, probably a virtual host on the server , can't be determined, then return the 400. > > 2) Checked Apache2 and it gives a 200 when issuing a GET / with empty > Host:, at it replies a 200. > > I think your problem is related to issuing a 30X after a request with > empty Host: header?, well it's really a border case... > > One never can assure if a Location header will have correct information, > because is mandated to follow a filled Host hdr if present, sending a > 301 with a guessed Host name in the Location, shouldnt be the worst > solution to the problem.. > > I dont know how to make apache2 (anyone?) issue a unconditional redirect > (301) after a request, but i suspect that if the Host Header is empty in > such a request, it will try to form a correct Location header from the > information it has at hand ( ServerName and his own local port), with > Firewalls and NATs possibily an incorrect one? maybe.. > > In a vote, i would vote to make Tomcat issue a 400 in case of a empty > Host header.. Is this such a good idea? Take a look at the following: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7441 Apache originally would return a 400 on an empty Host header. The modified the behavior to what you're currently seeing. The interpretation could be incorrect, but I would be more inclined to follow a solid HTTP server implementation such as Apache. > > Saludos , > Ignacio J. Ortega > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>