2009/11/29 Bill Barker <billwbar...@verizon.net>: > > "André Warnier" <a...@ice-sa.com> wrote in message > news:4b119016.2020...@ice-sa.com... >> Pid wrote: >>> On 28/11/2009 12:56, André Warnier wrote: >>>> ;-) >>>> I just wanted, once, to use a subject line with capitals and an >>>> exclamation mark. >>>> >>>> It seems however that in this particular case, neither Tomcat nor Apache >>>> httpd follow the rules, when they default to the .. default virtual host >>>> in the case where they cannot find a match between the Host: header and >>>> one of their defined virtual hosts. >>>> Doesn't the following say that they MUST return a 400 status ? >>>> >>>> http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.2 >>> >>> "An origin server that does not allow resources to differ by the >>> requested host MAY ignore the Host header field value when determining >>> the resource identified by an HTTP/1.1 request" >>> >>> ? >>> >> You are quoting selectively. The same line continues with >> "(But see section 19.6.1.1 for other requirements on Host support in >> HTTP/1.1.)" >> which section 19.6.1.1 is quite stern about the fact that HTTP 1.1 servers >> MUST support the Host: header properly. >> So I persist. > > Well, for IP-based VHosts (common for httpd), Pid is correct since the > server uses the IP address that recieved the request to determine where it > goes. > > For name-based VHosts (the default for Tomcat), both Tomcat and httpd are > still in the clear since every host is valid on the server (the ones not > explicitly configured match the default host). > > <spec-quote spec="rfc2616" section="5.2"> > 3. If the host as determined by rule 1 or 2 is not a valid host on the > server, the response MUST be a 400 (Bad Request) error message. > </spec-quote> >
You can always configure your default host to respond with response.sendError(400); for every request. Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org