Date: 25 Sep 2000 15:14:15 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: Ruslan Ermilov <ru@sunbay.com> Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: bin/21476: ftp in 4.1-STABLE fails on http:// URLs Message-ID: <xzpya0gwr4o.fsf@flood.ping.uio.no> In-Reply-To: Ruslan Ermilov's message of "Mon, 25 Sep 2000 04:50:04 -0700 (PDT)" References: <200009251150.EAA59979@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov <ru@sunbay.com> writes:
> The server www.ben-tech.com is violating RFC1945 by requiring that
> the Host: header be present in any HTTP/1.0 request. Compare:
RFC1945 was never a standard. The closest thing to a standard is
RFC2616, which basically says the Host: header is required in HTTP/1.1
requests (it's slightly more complicated than that; see sections 5.2,
9, 14.23 and especially 19.6.1.1).
Yes, you made an HTTP/1.0 request, but www.ben-tech.com runs Apache
1.3.12, which is what the RFC calls an "HTTP/1.1 origin server", and
as such (quoting section 3.1),
SHOULD use an HTTP-Version of
"HTTP/1.1" in their messages, and MUST do so for any message that is
not compatible with HTTP/1.0. For more details on when to send
specific HTTP-Version values, see RFC 2145 [36].
(RFC2145 is "Use and interpretation of HTTP version numbers", which
explains what version number to use when communicating with servers or
clients that implement a different HTTP version)
Furthermore, section 19.6.1.1 ("Changes to Simplify Multi-homed Web
Servers and Conserve IP Addresses") states:
The requirements that clients and servers support the Host request-
header, report an error if the Host request-header (section 14.23) is
missing from an HTTP/1.1 request, and accept absolute URIs (section
5.1.2) are among the most important changes defined by this
specification.
[...] Given the rate of growth of
the Web, and the number of servers already deployed, it is extremely
important that all implementations of HTTP (including updates to
existing HTTP/1.0 applications) correctly implement these
requirements:
- Both clients and servers MUST support the Host request-header.
- A client that sends an HTTP/1.1 request MUST send a Host header.
- Servers MUST report a 400 (Bad Request) error if an HTTP/1.1
request does not include a Host request-header.
- Servers MUST accept absolute URIs.
In summary, this says FreeBSD's ftp(1) has been in error since June
1999, when RFC2616 was published.
In any case, ftp(1) is not the appropriate tool for anything but
interactive or scripted FTP sessions. To retrieve single documents
from FTP or HTTP servers, use fetch(1).
(Any comments to the tune of "but fetch(1) doesn't do X" will be
answered with either "yes, it does" or "then file a PR about it and
I'll see if it can be implemented".)
(Oh, and Apache was correct in this instance, but it isn't always.
Amongst other crimes, it will insist on using chunked encoding in
conversations with HTTP/1.0 clients, in violation of RFC2145, and it
will in some instances choke on absolute URIs in requests, in
violation of RFC2616)
DES
--
Dag-Erling Smorgrav - des@ofug.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpya0gwr4o.fsf>