Re: "Hits" pragma from Paul Burchard on 1995-08-15 (ietf-http-wg@w3.org from July to September 1995)

From: Paul Burchard <burchard@cs.princeton.edu>
Date: Mon, 14 Aug 95 21:43:22 -0400
To: Balint Nagy Endre <bne@bne.ind.eunet.hu>
Cc: http wg discussion <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>, fielding@beach.w3.org
Message-Id: <9508150143.AA01886@cs>

"Balint Nagy Endre" <bne@bne.ind.eunet.hu> writes:
> I think the detailed reporting mechanism can better be
> done external to the http protocol.

I don't think externally routed reports create the proper  
incentives for wide adoption -- it's a fragile system that requires  
too much advance cooperation.  In contrast, the forwarding of  
"bundled requests" upon expiration requires no additional  
cooperation between servers and proxies.

> resulting many 1000 char continuation lines may break
> too many implementations

Since multiple Forwarded headers are allowed, this isn't a problem.  
 We can recommend an upper limit on the size of each Forwarded  
header; proxies can then simply collect and compress the logfile in  
chunks as they process large numbers of requests.

Roy Fielding <fielding@beach.w3.org> writes:
> Like Andrew mentioned, this is best done by passing a URL
> to the origin server that tells it where it may retrieve a
> sanitized summary of the data.

Actually, I believe he was suggesting a URL in the *other*  
direction.  Allowing report retrieval from the proxy by the origin  
server would either be less secure, or even more complex and  
unreliable.

> In regard to the proxy passing logfile info to servers, I
> do hope people discussing these issues have looked at the
> Security section of the HTTP spec.

Yes, to be more careful, the log info should rather be:

	*.domain [request-id] timestamp [referer]

where "*.domain" is the hostname sanitized with wildcards as  
needed; the optional Referer is null when it would conflict with  
security; and the presence or absence of the Request-ID is  
controlled at the client (is there any reason for further control at  
the proxy?).

Proxy chains behind firewalls can also be handled systematically,  
either by reprocessing the forwarded log info, or more crudely by  
removing all the log info and retaining only "count" clauses.

--------------------------------------------------------------------
Paul Burchard	<burchard@cs.princeton.edu>
``I'm still learning how to count backwards from infinity...''
--------------------------------------------------------------------

Received on Monday, 14 August 1995 18:44:49 UTC