Re: mod_proxy changes

["Roy T. Fielding" <fi...@avron.ICS.UCI.EDU>]

> Well, here's the text of the requirement, from draft-03 of the HTTP/1.1
> spec:
> 
> In requests that they forward, proxies
> MUST NOT rewrite the "abs_path" part of a Request-URI in any way except
> as noted above to replace a null abs_path with "*". Illegal Request-URIs
> SHOULD be responded to with an appropriate status code. Proxies MAY
> transform the Request-URI for internal processing purposes, but SHOULD
> NOT send such a transformed Request-URI  in forwarded requests.
> 
>   The main reason for this rule is to make sure that the form of
>   Request-URI is well specified, to enable future extensions without
>   fear that they will break in the face of some rewritings. Another
>   is that one consequence of rewriting the Request-URI is that
>   integrity or authentication checks by the server may fail; since
>   rewriting MUST be avoided in this case, it may as well be
>   proscribed in general. Implementers should be aware that some pre-
>   HTTP/1.1 proxies do some rewriting.
> 
> [ Note that the normative text in the first paragraph seems undecided
>   about whether rewriting is a SHOULD NOT (meaning that you can break
>   the rule and still claim conditional conformance) or a MUST NOT 
>   (meaning that any violation of the rule is beyond the pale), but in
>   any case, to the extent that this text does in fact reflect WG
>   consensus, it seems pretty clear that they think it's a bad idea. ]

We already changed it to a MUST NOT last week.  In general, a comment
about the HTTP spec on this list is given high priority, and rst
mentioned that discrepancy in Paris.  I also rephrased the above note
so that it would have some connection with reality [nuthin like writing
by committee to make plain common sense seem like perversity].

......Roy