From owner-freebsd-bugs Mon Sep 25 6:14:29 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 9B43B37B42C for <freebsd-bugs@FreeBSD.ORG>; Mon, 25 Sep 2000 06:14:20 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id PAA53121; Mon, 25 Sep 2000 15:14:16 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Ruslan Ermilov <ru@sunbay.com> Cc: freebsd-bugs@FreeBSD.ORG Subject: Re: bin/21476: ftp in 4.1-STABLE fails on http:// URLs References: <200009251150.EAA59979@freefall.freebsd.org> From: Dag-Erling Smorgrav <des@ofug.org> Date: 25 Sep 2000 15:14:15 +0200 In-Reply-To: Ruslan Ermilov's message of "Mon, 25 Sep 2000 04:50:04 -0700 (PDT)" Message-ID: <xzpya0gwr4o.fsf@flood.ping.uio.no> Lines: 66 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ruslan Ermilov <ru@sunbay.com> writes: > The server www.ben-tech.com is violating RFC1945 by requiring that > the Host: header be present in any HTTP/1.0 request. Compare: RFC1945 was never a standard. The closest thing to a standard is RFC2616, which basically says the Host: header is required in HTTP/1.1 requests (it's slightly more complicated than that; see sections 5.2, 9, 14.23 and especially 19.6.1.1). Yes, you made an HTTP/1.0 request, but www.ben-tech.com runs Apache 1.3.12, which is what the RFC calls an "HTTP/1.1 origin server", and as such (quoting section 3.1), SHOULD use an HTTP-Version of "HTTP/1.1" in their messages, and MUST do so for any message that is not compatible with HTTP/1.0. For more details on when to send specific HTTP-Version values, see RFC 2145 [36]. (RFC2145 is "Use and interpretation of HTTP version numbers", which explains what version number to use when communicating with servers or clients that implement a different HTTP version) Furthermore, section 19.6.1.1 ("Changes to Simplify Multi-homed Web Servers and Conserve IP Addresses") states: The requirements that clients and servers support the Host request- header, report an error if the Host request-header (section 14.23) is missing from an HTTP/1.1 request, and accept absolute URIs (section 5.1.2) are among the most important changes defined by this specification. [...] Given the rate of growth of the Web, and the number of servers already deployed, it is extremely important that all implementations of HTTP (including updates to existing HTTP/1.0 applications) correctly implement these requirements: - Both clients and servers MUST support the Host request-header. - A client that sends an HTTP/1.1 request MUST send a Host header. - Servers MUST report a 400 (Bad Request) error if an HTTP/1.1 request does not include a Host request-header. - Servers MUST accept absolute URIs. In summary, this says FreeBSD's ftp(1) has been in error since June 1999, when RFC2616 was published. In any case, ftp(1) is not the appropriate tool for anything but interactive or scripted FTP sessions. To retrieve single documents from FTP or HTTP servers, use fetch(1). (Any comments to the tune of "but fetch(1) doesn't do X" will be answered with either "yes, it does" or "then file a PR about it and I'll see if it can be implemented".) (Oh, and Apache was correct in this instance, but it isn't always. Amongst other crimes, it will insist on using chunked encoding in conversations with HTTP/1.0 clients, in violation of RFC2145, and it will in some instances choke on absolute URIs in requests, in violation of RFC2616) DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message