You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "Roy T. Fielding" <fi...@avron.ICS.UCI.EDU> on 1996/05/28 03:48:35 UTC
Re: mod_proxy changes
> Well, here's the text of the requirement, from draft-03 of the HTTP/1.1
> spec:
>
> In requests that they forward, proxies
> MUST NOT rewrite the "abs_path" part of a Request-URI in any way except
> as noted above to replace a null abs_path with "*". Illegal Request-URIs
> SHOULD be responded to with an appropriate status code. Proxies MAY
> transform the Request-URI for internal processing purposes, but SHOULD
> NOT send such a transformed Request-URI in forwarded requests.
>
> The main reason for this rule is to make sure that the form of
> Request-URI is well specified, to enable future extensions without
> fear that they will break in the face of some rewritings. Another
> is that one consequence of rewriting the Request-URI is that
> integrity or authentication checks by the server may fail; since
> rewriting MUST be avoided in this case, it may as well be
> proscribed in general. Implementers should be aware that some pre-
> HTTP/1.1 proxies do some rewriting.
>
> [ Note that the normative text in the first paragraph seems undecided
> about whether rewriting is a SHOULD NOT (meaning that you can break
> the rule and still claim conditional conformance) or a MUST NOT
> (meaning that any violation of the rule is beyond the pale), but in
> any case, to the extent that this text does in fact reflect WG
> consensus, it seems pretty clear that they think it's a bad idea. ]
We already changed it to a MUST NOT last week. In general, a comment
about the HTTP spec on this list is given high priority, and rst
mentioned that discrepancy in Paris. I also rephrased the above note
so that it would have some connection with reality [nuthin like writing
by committee to make plain common sense seem like perversity].
......Roy