On Dec 24, 2007 7:49 PM, John Peter Loh <[EMAIL PROTECTED]> wrote:
> We have virtual hosting enabled and the files to be served are in the
> first virtual host. Hacking in to Apache was what I was afraid of.
>
> I guess we have nothing feasible to do on our side anymore.
>
To bolster your "case", you can quote the relevant RFC to the third
party, i.e. if a Host header is missing (even if the absolute URI is
used in the request), Apache MUST send a 400 (Bad request) to the
client.
Their client SHOULD be sending the correct headers anyway, to be
HTTP/1.1-compliant. Or, have them revert to HTTP/1.0 (not really very
useful). In any case, the requirement for a Host header in the
client's request is absolute ("MUST"), if I read the RFC correctly.
Hope this helps. Merry Christmas.
--
Ian Dexter R. Marquez
http://feeds.iandexter.net/Coredump
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
