On Mon, Jun 23, 2014 at 07:32:53PM +0200, Bernhard Weißhuhn wrote:
> On 23.06.2014, at 16:50, Holger Just <[email protected]> wrote:
>
> > [2] https://gist.github.com/meineerde/83e044c709b94358a616
>
> Perfect, that worked like a charm, thank you!
>
> Still, I think it's really the servers who are to blame for misbehaving. I
> just rechecked the following RFCs:
>
> - http://tools.ietf.org/html/rfc7230#section-5.4
> - http://tools.ietf.org/html/rfc7230#section-2.7.1
> - http://tools.ietf.org/html/rfc7230#section-2.7.3
> - http://tools.ietf.org/html/rfc3986#section-3.2.3
> - http://tools.ietf.org/html/rfc3986#section-6.2.3
>
> Rfc7231 even has an example with "Host: server.example.com:80", although that
> is in the context of a connect request, admittedly.

I agree with you.

> Nowhere did I find any indication that a host-header with a default port
> should be illegal or treated in any way different from one without it.

It's just a matter of how the rules are written. On the front server, we have
an haproxy matching domain names using "hdr_end(host)" so it used to only check
for "haproxy.org" and so on, and would not match the trailing ":80".

> Imho to support Postel's Law, both sides should be changed, client (sender in
> this case) conservative, server more liberal.

Already done :-)

Willy
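
The mismatch described in this message, as an added example (not code from the thread or from haproxy): a plain suffix test on the raw Host value misses "haproxy.org:80", while a check that parses the port off first treats the scheme's default port as equivalent to no port, in line with RFC 3986 section 6.2.3. The function names and the sample Host values are constructed for illustration.

```python
DEFAULT_PORTS = {"http": 80, "https": 443}

def naive_suffix_match(host_header, domain):
    """Models a plain suffix test on the raw Host value, like hdr_end(host)."""
    return host_header.lower().endswith(domain.lower())

def split_host_port(host_header):
    """Split a Host value into (host, port or None); accepts [IPv6]:port."""
    value = host_header.strip()
    if value.startswith("["):
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[:end + 1], value[end + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("unexpected data after IPv6 literal")
        port = rest[1:]
    else:
        host, _, port = value.partition(":")
    if port and not port.isdigit():
        raise ValueError("non-numeric port")
    return host.lower(), (int(port) if port else None)

def host_in_domain(host_header, domain, scheme="http"):
    """True if the Host value names `domain` or a subdomain of it, with the
    port either absent or equal to the scheme's default port."""
    host, port = split_host_port(host_header)
    if port not in (None, DEFAULT_PORTS.get(scheme)):
        return False  # a non-default port is a different authority
    host, domain = host.rstrip("."), domain.lower()
    # Compare on a label boundary so only the domain itself or its
    # subdomains match, not any string that merely ends with it.
    return host == domain or host.endswith("." + domain)

if __name__ == "__main__":
    # Constructed sample Host header values.
    for value in ("haproxy.org", "haproxy.org:80", "www.haproxy.org:80",
                  "haproxy.org:8080"):
        print(f"{value!r:24} naive={naive_suffix_match(value, 'haproxy.org')!s:5} "
              f"parsed={host_in_domain(value, 'haproxy.org')}")
```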

