On Apr 07, Randal L. Schwartz wrote:
> I think this also suffers from placing the burden on the client. The
> [R] there with an external rewrite means that the client will get
> redirected if it doesn't tell you the right "Host:" header. But
> HTTP/1.0 and older browsers (and some spiders) will NOT tell you that
> header, so you get in an infinite loop.
>
> The solution is that you must allow for an unspoken "Host:" header to
> fall through to a generic v-host.
An important point is that although "Host:" wasn't required until
HTTP/1.1, all of the common browsers have sent it with 1.0 requests
for some time. This includes Netscape since version 2.0 and Internet
Explorer since 3.0. Most browsers released since 1996 have sent
it. I strongly suspect that all of the reputable search engine
spiders send it as well.
(That doesn't mean you shouldn't be careful and structure it so
that you don't send Host-less requests into a redirect loop, I just
want to make sure people know the situation isn't quite as dire as
Randal may have made it sound. There are a large number of people
relying on browsers sending the Host header to great effect.)
Jim
