Posted to watchdog-dev@jakarta.apache.org by Greg Wilkins <gr...@mortbay.com> on 2002/02/04 05:04:33 UTC

Host header again.

Ryan,

Thanks for adding the Host header into watchdog - however there is still
a problem.

By default you are only setting

   Host: localhost

when you should be setting

   Host: localhost:8080


The RFC says:

    Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

    A "host" without any trailing port information implies the default
    port for the service requested (e.g., "80" for an HTTP URL).

So even though Jetty receives the requests on port 8080, getServerPort
returns 80, as this is what the Host header indicates the client used
for their request and that some proxy or gateway did the redirection to
port 8080.

Note that there is even a difference between

   Host: localhost:80

and

   Host: localhost

as some browsers treat cookies set for localhost:80 as being for a different host
than just localhost. So Jetty tries to be rigorous when rewriting URLs to always use
the exact form that was specified in the Host header.


cheers


-- 
Greg Wilkins<gr...@mortbay.com>          GB  Phone: +44-(0)7092063462
Mort Bay Consulting Australia and UK.    Mbl Phone: +61-(0)4 17786631
http://www.mortbay.com                   AU  Phone: +61-(0)2 98107029


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
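
The port rule discussed in the message above, as an added example that is not part of the original post and is not Jetty's or Watchdog's code. The class HostHeaderDemo, its Authority record and the sample values are hypothetical; the listener is assumed to be on port 8080.

```java
import java.util.List;

// Added example: hypothetical helper, not Jetty's or Watchdog's code.
public class HostHeaderDemo {

    /** Parsed Host header; the raw value is kept so rewritten URLs use the exact form sent. */
    record Authority(String raw, String host, int port) {
        String rewrite(String scheme, String path) {
            return scheme + "://" + raw + path;
        }
    }

    static int defaultPort(String scheme) {
        return "https".equalsIgnoreCase(scheme) ? 443 : 80;
    }

    /** host [ ":" port ]; a missing port means the scheme default, not the socket port. */
    static Authority parse(String value, String scheme) {
        if (value == null || value.isBlank()) {
            throw new IllegalArgumentException("empty Host header");
        }
        String raw = value.trim();
        // An IPv6 literal is bracketed, so only a colon after ']' starts the port.
        int close = raw.lastIndexOf(']');
        int colon = raw.indexOf(':', close + 1);
        if (colon < 0) {
            return new Authority(raw, raw, defaultPort(scheme));
        }
        String host = raw.substring(0, colon);
        String portText = raw.substring(colon + 1);
        // Reject anything that is not a plain decimal port before trusting it.
        if (host.isEmpty() || !portText.matches("[0-9]{1,5}")) {
            throw new IllegalArgumentException("malformed Host header: " + raw);
        }
        int port = Integer.parseInt(portText);
        if (port < 1 || port > 65535) {
            throw new IllegalArgumentException("port out of range: " + raw);
        }
        return new Authority(raw, host, port);
    }

    public static void main(String[] args) {
        // Constructed sample values; none of them come from a real capture.
        for (String h : List.of("localhost", "localhost:80", "localhost:8080", "[::1]:8080")) {
            Authority a = parse(h, "http");
            System.out.println(h + " -> port " + a.port() + ", " + a.rewrite("http", "/servlet-tests/"));
        }
    }
}
```

Because the reported port and every rewritten URL come from a client-supplied header, a deployment that builds absolute links this way should also compare the parsed host against the names it actually serves.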


Re: [jetty-discuss] Re: Host header again.

Posted by Ryan Lubke <Ry...@Sun.COM>.
Great to see that they are all passing.

> 
> But I'm sure you guys will add some more tests soon that will ruin this for me :-(
> 
> 
> I'm very interested to see how we go when security constraints are added
> to the tests.   I know it will be a bit difficult to get a test infrastructure
> going, but that part of the spec is very vague and is going to be rich
> pickings for different interpretations!

Still working on how to integrate the existing security tests we have
into Watchdog.  Might be a bit slow in coming due to new commitments,
but they will eventually get in.  

> 
> thanks again.
> 
> 
> 
> -- 
> Greg Wilkins<gr...@mortbay.com>          GB  Phone: +44-(0)7092063462
> Mort Bay Consulting Australia and UK.    Mbl Phone: +61-(0)4 17786631
> http://www.mortbay.com                   AU  Phone: +61-(0)2 98107029
> 
> 





Re: [jetty-discuss] Re: Host header again.

Posted by Greg Wilkins <gr...@mortbay.com>.
Ryan Lubke wrote:

> Doesn't pay to rush does it :).
> Fixed.

Thanks for the fast turn around 



> So aside from this problem with the Host header, how goes testing?


Not bad after your fix running against Jetty 4.0 Beta0:


[515] ant servlet
...
     [java]  [watchdog] ------- TEST SUMMARY -------
     [java]  [watchdog] *** 348 TEST(S) PASSED! ***
     [java]  [watchdog] *** 0 TEST(S) FAILED! ***



[516] ant jsp
...

      [java]  [watchdog] ------- TEST SUMMARY -------
      [java]  [watchdog] *** 182 TEST(S) PASSED! ***
      [java]  [watchdog] *** 0 TEST(S) FAILED! ***


But I'm sure you guys will add some more tests soon that will ruin this for me :-(


I'm very interested to see how we go when security constraints are added
to the tests.   I know it will be a bit difficult to get a test infrastructure
going, but that part of the spec is very vague and is going to be rich
pickings for different interpretations!

thanks again.



-- 
Greg Wilkins<gr...@mortbay.com>          GB  Phone: +44-(0)7092063462
Mort Bay Consulting Australia and UK.    Mbl Phone: +61-(0)4 17786631
http://www.mortbay.com                   AU  Phone: +61-(0)2 98107029




Re: Host header again.

Posted by Ryan Lubke <Ry...@Sun.COM>.
We had a discussion about this and section 19.6.1.1 suggests that HTTP
1.0 applications be updated to support, among other items listed, the
Host header.



On Mon, 2002-02-04 at 09:07, Christopher K. St. John wrote:
> Ryan Lubke wrote:
> > 
> >  [java]  [watchdog]  REQUEST: GET /servlet-tests/GetContentLengthTest HTTP/1.0
> >  [java]  [watchdog]  REQUEST HEADER: Host: localhost:8080
> >
> 
>  HTTP/1.0 doesn't define the Host header.
> 
> -- 
> Christopher St. John cks@distributopia.com
> DistribuTopia http://www.distributopia.com
> 





Re: Host header again.

Posted by "Christopher K. St. John" <ck...@distributopia.com>.
Ryan Lubke wrote:
> 
>  [java]  [watchdog]  REQUEST: GET /servlet-tests/GetContentLengthTest HTTP/1.0
>  [java]  [watchdog]  REQUEST HEADER: Host: localhost:8080
>

 HTTP/1.0 doesn't define the Host header.

-- 
Christopher St. John cks@distributopia.com
DistribuTopia http://www.distributopia.com



Re: Host header again.

Posted by Ryan Lubke <Ry...@Sun.COM>.
Greg,

Doesn't pay to rush does it :).

Fixed.

Here is some sample trace output:
*******************************************************************
[java] GetContentLengthTest:
     [java]  [watchdog]  REQUEST: GET /servlet-tests/GetContentLengthTest HTTP/1.0
     [java]  [watchdog]  REQUEST HEADER: Host: localhost:8080
     [java]  [watchdog]  REQUEST HEADER: Content-Type: text/plain
     [java]  [watchdog]  REQUEST HEADER: Content-Length: 20
     [java]  [watchdog]  RESPONSE STATUS-LINE: HTTP/1.1 200 OK
     [java]  [watchdog]  RESPONSE HEADER: Date: Mon, 04 Feb 2002 12:47:09 GMT
     [java]  [watchdog]  RESPONSE HEADER: Server: Apache Tomcat/4.1-dev (HTTP/1.1 Connector)
     [java]  [watchdog]  RESPONSE HEADER: Connection: close
     [java]  [watchdog]  RESPONSE BODY:
     [java]  [watchdog] GetContentLengthTest test PASSED
     [java]  [watchdog] 
     [java]  [watchdog]  closing socket
     [java]  [watchdog]  Performing exact match of server response and goldenfile
     [java]  [watchdog]  PASSED GetContentLengthTest
     [java]  [watchdog]         (GET /servlet-tests/GetContentLengthTest HTTP/1.0)
     [java] 
     [java] BUILD SUCCESSFUL
     [java] 
     [java] Total time: 2 seconds
*******************************************************************

So aside from this problem with the Host header, how goes testing?

Regards,

Ryan Lubke


On Sun, 2002-02-03 at 23:04, Greg Wilkins wrote:
> 
> Ryan,
> 
> Thanks for adding the Host header into watchdog - however there is still
> a problem.
> 
> By default you are only setting
> 
>    Host: localhost
> 
> when you should be setting
> 
>    Host: localhost:8080
> 
> 
> The RFC says:
> 
>     Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
> 
>     A "host" without any trailing port information implies the default
>     port for the service requested (e.g., "80" for an HTTP URL).
> 
> So even though Jetty receives the requests on port 8080, getServerPort
> returns 80, as this is what the Host header indicates the client used
> for their request and that some proxy or gateway did the redirection to
> port 8080.
> 
> Note that there is even a difference between
> 
>    Host: localhost:80
> 
> and
> 
>    Host: localhost
> 
> as some browsers treat cookies set for localhost:80 as being for a different host
> than just localhost. So Jetty tries to be rigorous when rewriting URLs to always use
> the exact form that was specified in the Host header.
> 
> 
> cheers
> 
> 
> -- 
> Greg Wilkins<gr...@mortbay.com>          GB  Phone: +44-(0)7092063462
> Mort Bay Consulting Australia and UK.    Mbl Phone: +61-(0)4 17786631
> http://www.mortbay.com                   AU  Phone: +61-(0)2 98107029
> 
> 


