On Thu, Jun 29, 2006 at 07:59:25PM -0700, Paul Adamczyk wrote: > While testing HTTP messages on popular Web sites, I've > observed that the same message sent to the same > version of the Apache server can return completely > different results. Obviously, most of the results are > due to user configuration. But I'm most puzzled by > the HEAD message, because according to the source > code, it should be created with the same code as GET > (except for the message body), but some Apache servers > generate HEAD responses without the Content-Length > header or set its length to 0.
There was a 2.x bug (fixed in 2.0.56) which meant that C-L was omitted for responses to HEAD requests in certain cases; notably for a dynamically generated response, e.g. PHP. 2.x will never send "C-L: 0" unless the corresponding GET would also send "C-L: 0" AFAIK. It's only a SHOULD requirement in 2616 that the metadata in a HEAD response exactly matches that which would be returned by GET, so it's not strictly correct to say that this bug makes the server non-compliant with 2616, it's merely a "conditional compliance". > I've put the results in a paper. I would appreciate > your reviews or any comments you can provide on this > topic. > > http://pinky.cs.uiuc.edu/~padamczy/docs/ecows06_http.pdf CONNECT is used for tunnelling through proxies, origin servers never see nor need to care about the CONNECT method, and use of CONNECT is completely unrelated to use of SSL at the origin server; all the stuff about that seems to be very confused. joe
