[
https://issues.apache.org/jira/browse/TS-3459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14372437#comment-14372437
]
Sudheer Vinukonda commented on TS-3459:
---------------------------------------
[~briang] and [~zwoop] :
I am not sure I understand the need for two separate configs either. Is it
perhaps that {{proxy.config.http.send_100_continue_response}} only controls the
internal ATS-generated {{100 CONT}} and not the {{100 CONT}} received from the
origin? Even so, I am not sure that such a config makes sense - shouldn't we
just follow the RFC, which seems to say that a {{100 CONT}} from the origin
should be forwarded to the client or not based on the HTTP version and whether
or not the {{Expect}} header was received?
{code}
Requirements for HTTP/1.1 proxies:

  - If a proxy receives a request that includes an Expect request-
    header field with the "100-continue" expectation, and the proxy
    either knows that the next-hop server complies with HTTP/1.1 or
    higher, or does not know the HTTP version of the next-hop
    server, it MUST forward the request, including the Expect header
    field.

  - If the proxy knows that the version of the next-hop server is
    HTTP/1.0 or lower, it MUST NOT forward the request, and it MUST
    respond with a 417 (Expectation Failed) status.

  - Proxies SHOULD maintain a cache recording the HTTP version
    numbers received from recently-referenced next-hop servers.

  - A proxy MUST NOT forward a 100 (Continue) response if the
    request message was received from an HTTP/1.0 (or earlier)
    client and did not include an Expect request-header field with
    the "100-continue" expectation. This requirement overrides the
    general rule for forwarding of 1xx responses (see section 10.1).
{code}
> Create a new config to disallow Post w/ Expect: 100-continue.
> -------------------------------------------------------------
>
> Key: TS-3459
> URL: https://issues.apache.org/jira/browse/TS-3459
> Project: Traffic Server
> Issue Type: New Feature
> Components: Core
> Reporter: Brian Geffon
> Assignee: Brian Geffon
> Fix For: 5.3.0
>
>
> This is something that's been bothering us for a while, we want a way to
> explicitly disallow Posts w/ Expect: 100-continue. I'm going to add a small
> block of code (configurable of course) that will allow you to return a 405
> Method Not Allowed if enabled. This config will default to OFF to maintain
> backwards compatibility.
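The four proxy requirements quoted in the comment above, written out as decision logic. This is an added example, not part of the original message and not Apache Traffic Server code; every type and function name in it is hypothetical, and header values are assumed to be already trimmed of surrounding whitespace.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <string>

// Hypothetical names throughout; this is not Apache Traffic Server code.
struct Version { int major_v; int minor_v; };
static bool is_1_0_or_lower(Version v) { return v.major_v < 1 || (v.major_v == 1 && v.minor_v == 0); }

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True when the request carries Expect: 100-continue. Header names and the
// expectation token are compared case-insensitively.
bool expects_continue(const std::map<std::string, std::string>& headers) {
    for (const auto& h : headers)
        if (lower(h.first) == "expect" && lower(h.second) == "100-continue") return true;
    return false;
}

// Third requirement: remember the HTTP version seen from each next-hop server.
class NextHopVersions {
    std::map<std::string, Version> seen_;
public:
    void record(const std::string& host, Version v) { seen_[host] = v; }
    const Version* lookup(const std::string& host) const {  // nullptr = version unknown
        auto it = seen_.find(host);
        return it == seen_.end() ? nullptr : &it->second;
    }
};

enum class RequestAction { ForwardWithExpect, Respond417 };

// First and second requirements, for a request that carries Expect: 100-continue.
RequestAction route_expect_request(const NextHopVersions& cache, const std::string& next_hop) {
    const Version* v = cache.lookup(next_hop);
    if (v != nullptr && is_1_0_or_lower(*v)) return RequestAction::Respond417;  // known HTTP/1.0 or lower
    return RequestAction::ForwardWithExpect;  // HTTP/1.1 or higher, or version unknown
}

// Fourth requirement: a 100 (Continue) from the origin is withheld only when the
// client is HTTP/1.0 or earlier AND did not send the 100-continue expectation.
bool may_forward_100(Version client, const std::map<std::string, std::string>& request_headers) {
    return !(is_1_0_or_lower(client) && !expects_continue(request_headers));
}
```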