http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24396

           Summary: Multiple host headers are accepted and get concatenated
           Product: Apache httpd-1.3
           Version: 1.3.28
          Platform: PC
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]

If an HTTP request contains more than one host header line like in

GET / HTTP/1.1
Host: host1
Host: host2
Connection: close

all host headers get concatenated and are treated as if only one host header
containing "host1, host2" had been given.

While this makes sense for other headers like X-Forwarded-For, you cannot
request data from multiple hosts in one single HTTP request.

RFC 2616 doesn't explicitly state that there must not be more than one host
header per request but I think it implies it by referring to "the host header"
throughout the document.

I suggest that multiple host headers be rejected with a "400 Bad Request"
response.
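The behaviour reported above and the suggested rejection, side by side, as an added example that is not Apache code and not part of the original report. The function names and the sample request constant are hypothetical; the check also covers a missing Host field in an HTTP/1.1 request, which goes slightly beyond the report.

```python
# Added example (not Apache httpd code): list-style header merging versus a
# strict Host check. All names here are hypothetical.

CRLF = "\r\n"

# Constructed sample: the request quoted in the bug report.
SAMPLE = CRLF.join(["GET / HTTP/1.1", "Host: host1", "Host: host2",
                    "Connection: close", "", ""])

def parse_headers(raw):
    """Split a raw HTTP/1.x request head into (request_line, [(name, value)])."""
    head = raw.split(CRLF + CRLF, 1)[0]
    lines = head.split(CRLF)
    fields = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        fields.append((name.lower(), value.strip()))
    return lines[0], fields

def merge_headers(fields):
    """Reported behaviour: repeated fields are joined with ', '."""
    merged = {}
    for name, value in fields:
        merged[name] = merged[name] + ", " + value if name in merged else value
    return merged

def check_host(raw):
    """Return (status, host); 400 unless an HTTP/1.1 request has exactly one Host."""
    try:
        request_line, fields = parse_headers(raw)
    except ValueError:
        return 400, None
    hosts = [value for name, value in fields if name == "host"]
    if len(hosts) > 1:
        # The rejection suggested in the report; RFC 7230 section 5.4 later
        # made 400 mandatory for more than one Host field.
        return 400, None
    if request_line.endswith("HTTP/1.1") and not hosts:
        # RFC 2616 section 14.23: HTTP/1.1 requests must carry a Host field.
        return 400, None
    return 200, hosts[0] if hosts else None

if __name__ == "__main__":
    print(merge_headers(parse_headers(SAMPLE)[1])["host"])
    print(check_host(SAMPLE))
```

The merged value "host1, host2" matches no configured virtual host name, which is why counting the Host fields before any merging is the safer place to decide.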
