Re: svn commit: r1768036 - in /httpd/httpd/branches/2.4.x-merge-http-strict: ./ CHANGES include/ap_mmn.h include/http_core.h include/httpd.h modules/http/http_filters.c server/core.c server/protocol.c server/util.c server/vhost.c

[Jacob Champion]

On 11/16/2016 04:32 AM, Ruediger Pluem wrote:
(but what has precedence in this case host or request)

The "effective request URI", as defined by Section 5.5, seems to be 
pretty clear that if the request-target is absolute, the Host header is 
irrelevant:

   If the request-target is in absolute-form, the effective request URI
   is the same as the request-target.

Then it's just up to the server admin, I think, whether to be strict 
(4xx) or lenient (replace Host with the request-target authority) for 
non-compliant requests that mismatch the two.

I seem to remember an IETF conversation about this, but I'm having 
trouble finding it now. (The one about proxies keeps coming up, but 
that's not what I'm remembering...)

--Jacob