[ https://issues.apache.org/jira/browse/TS-1125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14583579#comment-14583579 ]

ASF GitHub Bot commented on TS-1125:
------------------------------------

Github user sudheerv commented on the pull request:

    https://github.com/apache/trafficserver/pull/216#issuecomment-111531431
  
    @ffcai: I'm a little concerned about this change - this would mean that 
requests that would otherwise return an error would always return a "100 CONT" 
first. It seems quite odd that a request would get a "100 CONT" followed by a 
"404 - Not found on Accelerator", for example (or even a "403 - Forbidden", 
e.g. with *quick_filter*).
    
    The current implementation of the "100 CONT" is already a hack (and not 
in line with the spec), but, at least, it ensures that the requests pass the 
proxy checks/validations.
    
    Making this change now to send a "100 CONT" immediately after seeing (and 
basic parsing of) the request, to all cases (not just the cases where an 
intercept plugin is being used) seems pretty bad to me. It may even open up a 
vulnerability that someone can exploit (e.g. keep pounding the box with a POST 
request with Expect header).


> POST's with Expect: 100-continue are slowed by delayed 100 response.
> --------------------------------------------------------------------
>
>                 Key: TS-1125
>                 URL: https://issues.apache.org/jira/browse/TS-1125
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP
>    Affects Versions: 3.0.2
>         Environment: TS 3.0.2 going to Apache 2.2 web server
>            Reporter: William Bardwell
>            Assignee: Bryan Call
>            Priority: Minor
>              Labels: yahoo
>             Fix For: 5.0.0
>
>         Attachments: TS-1125.diff, TS-1125.diff, ts1125.diff, ts1125.diff, 
> ts1125.diff
>
>
> Sending a post like:
> POST / HTTP/1.1
> Host: www.example.com
> Content-Length: 10
> Expect: 100-continue
> directly to the web server immediately sends back:
> HTTP/1.1 100 Continue
> And then when the post data is sent, a status 200 response comes back.
> But when going through ATS the "HTTP/1.1 100 Continue" is not sent 
> immediately, and instead is sent after the POST data has been received.  This 
> is legal, but it makes clients that are hoping for a 100 continue wait a 
> little while hoping to get that. ATS should forward that response through 
> immediately.
> Note: I see curl using "Expect: 100-continue" with > 1024 bytes of post data, 
> but web searching indicates that some Microsoft products also use it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
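
An added example, not part of the original message or of Traffic Server's code: the ordering the comment argues for, where the proxy's checks run on the request head before any `100 Continue` is emitted. The remap table, deny list, function names and the check order are assumptions made for the illustration; the sample request is the one quoted in the issue.

```python
# Added illustration; not Apache Traffic Server code. REMAP and DENY_METHODS
# are constructed stand-ins for remap rules and an ACL filter.
REMAP = {"www.example.com": "origin.internal.example"}   # hypothetical
DENY_METHODS = {"www.example.com": {"DELETE"}}            # hypothetical

# Request head quoted in the issue description.
SAMPLE = (b"POST / HTTP/1.1\r\nHost: www.example.com\r\n"
          b"Content-Length: 10\r\nExpect: 100-continue\r\n\r\n")


def parse_head(raw: bytes):
    """Split a request head into (method, target, lower-cased header dict)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def interim_or_final(raw: bytes) -> str:
    """Status line sent after reading the head and before reading any body.

    Returns "" when nothing is sent yet (request accepted, no Expect header).
    """
    method, _target, headers = parse_head(raw)
    host = headers.get("host", "").lower()
    expect = headers.get("expect", "").lower()
    # Proxy checks run first, so a rejected request never receives a 100.
    if host not in REMAP:
        return "HTTP/1.1 404 Not Found on Accelerator"
    if method in DENY_METHODS.get(host, set()):
        return "HTTP/1.1 403 Forbidden"
    if expect and expect != "100-continue":
        return "HTTP/1.1 417 Expectation Failed"
    # Only a request that passed validation is invited to send its body.
    return "HTTP/1.1 100 Continue" if expect else ""
```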
