You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Aaron Bannert <aa...@clove.org> on 2002/06/26 09:50:42 UTC
Re: Handling invalid requests
On Wed, Jun 26, 2002 at 09:51:51AM +0200, Sander Striker wrote:
> 62.211.25.97 - - [26/Jun/2002:04:55:35 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
> ^^^
> I went: "uh, why isn't that 4xx??".
> I tried it myself and it seems that we are returning the contents of / (which
> is the default page installed by apache in my case) instead of failing. This
> is with HEAD.
Sounds like a bug in the request-line parser. Until this gets fixed,
maybe it is something to add to STATUS?
-aaron
RE: Handling invalid requests
Posted by Sander Striker <st...@apache.org>.
> From: Cliff Woolley [mailto:jwoolley@virginia.edu]
> Sent: 26 June 2002 10:17
> On Wed, 26 Jun 2002, Aaron Bannert wrote:
>
>> On Wed, Jun 26, 2002 at 09:51:51AM +0200, Sander Striker wrote:
>>> 62.211.25.97 - - [26/Jun/2002:04:55:35 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
>>> ^^^
>>> I went: "uh, why isn't that 4xx??".
>>> I tried it myself and it seems that we are returning the contents of / (which
>>> is the default page installed by apache in my case) instead of failing. This
>>> is with HEAD.
>>
>> Sounds like a bug in the request-line parser. Until this gets fixed,
>> maybe it is something to add to STATUS?
>
> That is the correct behavior!!! According to the RFC, we have to support
> fully-qualified URL's in the request (eg "http://www.yahoo.com/" here).
> So Apache sees that request, notices that it doesn't have a matching
> virtual host, reverts to the default host, and serves up the URI "/",
> which exists. 200 is correct. Now if you asked for
> "http://dir.yahoo.com/Computers_and_Internet/" or something, then unless
> "/Computers_and_Internet/" happens to be valid in the namespace of your
> default vhost, you'll get the typical 404.
>
> All of this is completely normal.
Whee! Thanks for the heads up Cliff. I hadn't come up with this line
of reasoning yet (wasn't directly obvious to me).
Sander
Re: Handling invalid requests
Posted by Cliff Woolley <jw...@virginia.edu>.
On Wed, 26 Jun 2002, Aaron Bannert wrote:
> On Wed, Jun 26, 2002 at 09:51:51AM +0200, Sander Striker wrote:
> > 62.211.25.97 - - [26/Jun/2002:04:55:35 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
> > ^^^
> > I went: "uh, why isn't that 4xx??".
> > I tried it myself and it seems that we are returning the contents of / (which
> > is the default page installed by apache in my case) instead of failing. This
> > is with HEAD.
>
> Sounds like a bug in the request-line parser. Until this gets fixed,
> maybe it is something to add to STATUS?
That is the correct behavior!!! According to the RFC, we have to support
fully-qualified URL's in the request (eg "http://www.yahoo.com/" here).
So Apache sees that request, notices that it doesn't have a matching
virtual host, reverts to the default host, and serves up the URI "/",
which exists. 200 is correct. Now if you asked for
"http://dir.yahoo.com/Computers_and_Internet/" or something, then unless
"/Computers_and_Internet/" happens to be valid in the namespace of your
default vhost, you'll get the typical 404.
All of this is completely normal.
--Cliff