Changeset 1173

Timestamp:

13/03/11 11:39:25 (12 years ago)

Author:

fielding@…

Message:

Clarify that gateways are just origin servers with additional
proxy issues and then refer only to origin servers when
describing their outbound requirements.

Consistently use the term URI instead of URL.

Rewrite the section on Host to be clear on where the information
comes from and how proxies differ from other clients.
Warn about security holes in stupid interception proxies.

Addresses #218

Location:

draft-ietf-httpbis/latest

Files:

• p1-messaging.xml (modified) (13 diffs)
• p2-semantics.xml (modified) (3 diffs)
• p3-payload.xml (modified) (1 diff)
• p6-cache.xml (modified) (2 diffs)

draft-ietf-httpbis/latest/p1-messaging.xml

@@ -710 +710 @@
    requests to the underlying server's protocol.  Gateways are often
    used for load balancing, "accelerator" caching, or partitioning
-   HTTP services across multiple machines.
-   Unlike a proxy, a gateway receives requests as if it were the
-   origin server for the target resource; the requesting client
-   will not be aware that it is communicating with a gateway.
-   A gateway communicates with the client as if the gateway is the
-   origin server and thus is subject to all of the requirements on
-   origin servers for that connection.  A gateway communicates
-   with inbound servers using any protocol it desires, including
-   private extensions to HTTP that are outside the scope of this
-   specification.
+   HTTP services across multiple machines.  Gateways behave as an origin
+   server on the outbound connection and as a proxy on the inbound
+   connection.  All HTTP requirements applicable to an origin server
+   also apply to the outbound communication of a gateway.  A gateway
+   communicates with inbound servers using any protocol it desires,
+   including private extensions to HTTP that are outside the scope of
+   this specification.  However, an HTTP-to-HTTP gateway that wishes
+   to interoperate with third-party HTTP servers &SHOULD; comply with
+   HTTP proxy requirements on the gateway's inbound connection.
 </t>
 <t><iref primary="true" item="tunnel"/>
@@ -1430 +1429 @@
      If this is a request message, the server &MUST; respond with
      a 400 (Bad Request) status code and then close the connection.
-     If this is a response message received by a proxy or gateway, the proxy
-     or gateway &MUST; discard the received response, send a 502 (Bad Gateway)
+     If this is a response message received by a proxy, the proxy
+     &MUST; discard the received response, send a 502 (Bad Gateway)
      status code as its downstream response, and then close the connection.
      If this is a response message received by a user-agent, it &MUST; be
@@ -1634 +1633 @@
 <t><iref item="origin form (of request-target)"/>
    The most common form of request-target is that used when making
-   a request to an origin server or gateway ("origin form").
+   a request to an origin server ("origin form").
    In this case, the absolute path and query components of the URI
    &MUST; be transmitted as the request-target, and the authority component
@@ -2385 +2384 @@
 <t>
    Prior to persistent connections, a separate TCP connection was
-   established to fetch each URL, increasing the load on HTTP servers
+   established for each request, increasing the load on HTTP servers
    and causing congestion on the Internet. The use of inline images and
    other associated data often requires a client to make multiple
@@ -3094 +3093 @@
    A received message that does not have a Date header field &MUST; be
    assigned one by the recipient if the message will be cached by that
-   recipient or gatewayed via a protocol which requires a Date.
+   recipient.
 </t>
 <t>
@@ -3133 +3132 @@
   <x:anchor-alias value="Host-v"/>
 <t>
-   The "Host" header field specifies the Internet host and port
-   number of the resource being requested, allowing the origin server or
-   gateway to differentiate between internally-ambiguous URLs, such as the root
-   "/" URL of a server for multiple host names on a single IP address.
-</t>
-<t>    
-   The Host field value &MUST; represent the naming authority of the origin
-   server or gateway given by the original URL obtained from the user or
-   referring resource (generally an http URI, as described in
-   <xref target="http.uri"/>).
+   The "Host" header field in a request provides the host and port
+   information from the target resource's URI, enabling the origin
+   server to distinguish between resources while servicing requests
+   for multiple host names on a single IP address.  Since the Host
+   field-value is critical information for handling a request, it
+   &SHOULD; be sent as the first header field following the Request-Line.
 </t>
 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Host"/><iref primary="true" item="Grammar" subitem="Host-v"/>
@@ -3149 +3144 @@
 </artwork></figure>
 <t>
-   A "host" without any trailing port information implies the default
-   port for the service requested (e.g., "80" for an HTTP URL). For
-   example, a request on the origin server for
-   &lt;http://www.example.org/pub/WWW/&gt; would properly include:
+   A client &MUST; send a Host header field in all HTTP/1.1 request
+   messages.  If the target resource's URI includes an authority
+   component, then the Host field-value &MUST; be identical to that
+   authority component after excluding any userinfo (<xref target="http.uri"/>).
+   If the authority component is missing or undefined for the target
+   resource's URI, then the Host header field &MUST; be sent with an
+   empty field-value.
+</t>
+<t>
+   For example, a GET request to the origin server for
+   &lt;http://www.example.org/pub/WWW/&gt; would begin with:
 </t>
 <figure><artwork type="message/http; msgtype=&#34;request&#34;" x:indent-with="  ">
@@ -3159 +3161 @@
 </artwork></figure>
 <t>
-   A client &MUST; include a Host header field in all HTTP/1.1 request
-   messages. If the requested URI does not include an Internet host
-   name for the service being requested, then the Host header field &MUST;
-   be given with an empty value. An HTTP/1.1 proxy &MUST; ensure that any
-   request message it forwards does contain an appropriate Host header
-   field that identifies the service being requested by the proxy. All
-   Internet-based HTTP/1.1 servers &MUST; respond with a 400 (Bad Request)
-   status code to any HTTP/1.1 request message which lacks a Host header
-   field.
+   The Host header field &MUST; be sent in an HTTP/1.1 request even
+   if the request-target is in the form of an absolute-URI, since this
+   allows the Host information to be forwarded through ancient HTTP/1.0
+   proxies that might not have implemented Host.
+</t>
+<t>
+   When an HTTP/1.1 proxy receives a request with a request-target in
+   the form of an absolute-URI, the proxy &MUST; ignore the received
+   Host header field (if any) and instead replace it with the host
+   information of the request-target.  When a proxy forwards a request,
+   it &MUST; generate the Host header field based on the received
+   absolute-URI rather than the received Host.
+</t>
+<t>
+   Since the Host header field acts as an application-level routing
+   mechanism, it is a frequent target for malware seeking to poison
+   a shared cache or redirect a request to an unintended server.
+   An interception proxy is particularly vulnerable if it relies on
+   the Host header field value for redirecting requests to internal
+   servers, or for use as a cache key in a shared cache, without
+   first verifying that the intercepted connection is targeting a
+   valid IP address for that host.
+</t>
+<t>
+   A server &MUST; respond with a 400 (Bad Request) status code to
+   any HTTP/1.1 request message that lacks a Host header field and
+   to any request message that contains more than one Host header field
+   or a Host header field with an invalid field-value.
 </t>
 <t>
@@ -3449 +3470 @@
   <x:anchor-alias value="Via-v"/>
 <t>
-   The "Via" header field &MUST; be used by gateways and proxies to
+   The "Via" header field &MUST; be sent by proxies to
    indicate the intermediate protocols and recipients between the user
    agent and the server on requests, and between the origin server and
@@ -3484 +3505 @@
 </t>
 <t>
-   Multiple Via field values represent each proxy or gateway that has
+   Multiple Via field values represent each proxy that has
    forwarded the message. Each recipient &MUST; append its information
    such that the end result is ordered according to the sequence of
@@ -3491 +3512 @@
 <t>
    Comments &MAY; be used in the Via header field to identify the software
-   of the recipient proxy or gateway, analogous to the User-Agent and
+   of the recipient proxy, analogous to the User-Agent and
    Server header fields. However, all comments in the Via field are
    optional and &MAY; be removed by any recipient prior to forwarding the
@@ -3508 +3529 @@
 </artwork></figure>
 <t>
-   Proxies and gateways used as a portal through a network firewall
+   Proxies used as a portal through a network firewall
    &SHOULD-NOT;, by default, forward the names and ports of hosts within
    the firewall region. This information &SHOULD; only be propagated if
@@ -4917 +4938 @@
    Internet will also be able to recover the IP addresses that have been
    allocated for the sole purpose of allowing special-purpose domain
-   names to be used in root-level HTTP URLs. Given the rate of growth of
+   names to be used. Given the rate of growth of
    the Web, and the number of servers already deployed, it is extremely
    important that all implementations of HTTP (including updates to

draft-ietf-httpbis/latest/p2-semantics.xml

@@ -1133 +1133 @@
    &SHOULD; reflect the message received back to the client as the
    message-body of a 200 (OK) response. The final recipient is either the
-   origin server or the first proxy or gateway to receive a Max-Forwards
+   origin server or the first proxy to receive a Max-Forwards
    value of zero (0) in the request (see <xref target="header.max-forwards"/>).
    A TRACE request &MUST-NOT; include a message-body.
@@ -2302 +2302 @@
    TRACE (<xref target="TRACE"/>) and OPTIONS (<xref target="OPTIONS"/>)
    methods to limit the number of times that the request is forwarded by
-   proxies or gateways. This can be useful when the client is attempting to
+   proxies. This can be useful when the client is attempting to
    trace a request which appears to be failing or looping in mid-chain.
 </t>
@@ -2314 +2314 @@
 </t>
 <t>
-   Each proxy or gateway recipient of a TRACE or OPTIONS request
+   Each recipient of a TRACE or OPTIONS request
    containing a Max-Forwards header field &MUST; check and update its
    value prior to forwarding the request. If the received value is zero

draft-ietf-httpbis/latest/p3-payload.xml

@@ -1507 +1507 @@
    client to function as an integrity check of the payload body. Only
    origin servers or user agents &MAY; generate the Content-MD5 header field;
-   proxies and gateways &MUST-NOT; generate it, as this would defeat its
+   proxies &MUST-NOT; generate it, as this would defeat its
    value as an end-to-end integrity check. Any recipient &MAY; check that
    the digest value in this header field matches a corresponding digest

draft-ietf-httpbis/latest/p6-cache.xml

@@ -679 +679 @@
       <x:h>Note:</x:h> RFC 2616 (<xref target="RFC2616" x:fmt=","
       x:sec="13.9"/>) required that caches do not calculate heuristic
-      freshness for URLs with query components (i.e., those containing '?').
+      freshness for URIs with query components (i.e., those containing '?').
       In practice, this has not been widely implemented. Therefore, servers
       are encouraged to send explicit directives (e.g., Cache-Control:
@@ -1100 +1100 @@
 </x:note>
 <t>
-   An intermediary (i.e., a proxy or gateway, whether or not it implements
-   a cache) &MUST; pass cache directives through, regardless of their 
+   A proxy, whether or not it implements a cache, &MUST; pass cache directives
+   through in forwarded messages, regardless of their 
    significance to that application, since the directives might be applicable 
    to all recipients along the request/response chain. It is not possible to