-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pid,
On 11/28/2009 8:03 AM, Pid wrote: > On 28/11/2009 12:56, André Warnier wrote: >> ;-) >> I just wanted, once, to use a subject line with capitals and an >> exclamation mark. >> >> It seems however that in this particular case, neither Tomcat nor Apache >> httpd follow the rules, when they default to the .. default virtual host >> in the case where they cannot find a match between the Host: header and >> one of their defined virtual hosts. >> Doesn't the following say that they MUST return a 400 status ? >> >> http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.2 > > "An origin server that does not allow resources to differ by the > requested host MAY ignore the Host header field value when determining > the resource identified by an HTTP/1.1 request" My interpretation is in line with André's, here. The server in question /does/ differentiate resources based upon the host, so: " An origin server that does differentiate resources based on the host requested (sometimes referred to as virtual hosts or vanity host names) MUST use the following rules for determining the requested resource on an HTTP/1.1 request: 1. If Request-URI is an absoluteURI, the host is part of the Request-URI. Any Host header field value in the request MUST be ignored. 2. If the Request-URI is not an absoluteURI, and the request includes a Host header field, the host is determined by the Host header field value. 3. If the host as determined by rule 1 or 2 is not a valid host on the server, the response MUST be a 400 (Bad Request) error message. " It's that last one that's the kicker: it basically precludes the use of "default" hosts. On the other hand, the use of a default seems completely reasonable. The use of a default host simply implies that /all/ hosts are valid for the server in question. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksUKU8ACgkQ9CaO5/Lv0PA15gCgrE1v9+L0YweYzPeg4+JuQ3ln IiUAoJq5fEvDUK83Id7pDEJZDXHPSuRT =GOfT -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
