You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Aaron Bannert <aa...@clove.org> on 2002/06/26 09:50:42 UTC

Re: Handling invalid requests

On Wed, Jun 26, 2002 at 09:51:51AM +0200, Sander Striker wrote:
> 62.211.25.97 - - [26/Jun/2002:04:55:35 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
>                                                                                    ^^^
> I went: "uh, why isn't that 4xx??".
> I tried it myself and it seems that we are returning the contents of / (which
> is the default page installed by apache in my case) instead of failing.  This
> is with HEAD.

Sounds like a bug in the request-line parser. Until this gets fixed,
maybe it is something to add to STATUS?

-aaron

RE: Handling invalid requests

Posted by Sander Striker <st...@apache.org>.

> From: Cliff Woolley [mailto:jwoolley@virginia.edu]
> Sent: 26 June 2002 10:17

> On Wed, 26 Jun 2002, Aaron Bannert wrote:
> 
>> On Wed, Jun 26, 2002 at 09:51:51AM +0200, Sander Striker wrote:
>>> 62.211.25.97 - - [26/Jun/2002:04:55:35 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
>>>                                                                                    ^^^
>>> I went: "uh, why isn't that 4xx??".
>>> I tried it myself and it seems that we are returning the contents of / (which
>>> is the default page installed by apache in my case) instead of failing.  This
>>> is with HEAD.
>>
>> Sounds like a bug in the request-line parser. Until this gets fixed,
>> maybe it is something to add to STATUS?
> 
> That is the correct behavior!!!  According to the RFC, we have to support
> fully-qualified URL's in the request (eg "http://www.yahoo.com/" here).
> So Apache sees that request, notices that it doesn't have a matching
> virtual host, reverts to the default host, and serves up the URI "/",
> which exists.  200 is correct.  Now if you asked for
> "http://dir.yahoo.com/Computers_and_Internet/" or something, then unless
> "/Computers_and_Internet/" happens to be valid in the namespace of your
> default vhost, you'll get the typical 404.
> 
> All of this is completely normal.

Whee!  Thanks for the heads up Cliff.  I hadn't come up with this line
of reasoning yet (wasn't directly obvious to me).

Sander

Re: Handling invalid requests

Posted by Cliff Woolley <jw...@virginia.edu>.

On Wed, 26 Jun 2002, Aaron Bannert wrote:

> On Wed, Jun 26, 2002 at 09:51:51AM +0200, Sander Striker wrote:
> > 62.211.25.97 - - [26/Jun/2002:04:55:35 +0200] "GET http://www.yahoo.com/ HTTP/1.1" 200 1456
> >                                                                                    ^^^
> > I went: "uh, why isn't that 4xx??".
> > I tried it myself and it seems that we are returning the contents of / (which
> > is the default page installed by apache in my case) instead of failing.  This
> > is with HEAD.
>
> Sounds like a bug in the request-line parser. Until this gets fixed,
> maybe it is something to add to STATUS?

That is the correct behavior!!!  According to the RFC, we have to support
fully-qualified URL's in the request (eg "http://www.yahoo.com/" here).
So Apache sees that request, notices that it doesn't have a matching
virtual host, reverts to the default host, and serves up the URI "/",
which exists.  200 is correct.  Now if you asked for
"http://dir.yahoo.com/Computers_and_Internet/" or something, then unless
"/Computers_and_Internet/" happens to be valid in the namespace of your
default vhost, you'll get the typical 404.

All of this is completely normal.

--Cliff