W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: "Hits" pragma

From: Balint Nagy Endre <bne@bne.ind.eunet.hu>
Date: Tue, 15 Aug 1995 08:06:38 +0200 (MET DST)
Message-Id: <199508150606.IAA00396@bne.ind.eunet.hu>
To: burchard@cs.princeton.edu
Cc: http wg discussion <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Paul Burchard <burchard@cs.princeton.edu> writes:
> "Balint Nagy Endre" <bne@bne.ind.eunet.hu> writes:
> > I think the detailed reporting mechanism can better be
> > done external to the http protocol.
> 
> I don't think externally routed reports create the proper  
> incentives for wide adoption -- it's a fragile system that requires  
> too much advance cooperation.  In contrast, the forwarding of  
> "bundled requests" upon expiration requires no additional  
> cooperation between servers and proxies.
I mean detailed reports, not the bare hit counts. Who really needs the
statistics, will be willing to work a bit for having them.
> > resulting many 1000 char continuation lines may break
> > too many implementations
> 
> Since multiple Forwarded headers are allowed, this isn't a problem.  
>  We can recommend an upper limit on the size of each Forwarded  
> header; proxies can then simply collect and compress the logfile in  
> chunks as they process large numbers of requests.
How can split into small chunks the statistics gathered over the whole expiry
period a cache serving thousands of users ? Even in compressed format, this will
occupy a significant space, compared to every-day request headers!
> 
> Roy Fielding <fielding@beach.w3.org> writes:
> > Like Andrew mentioned, this is best done by passing a URL
> > to the origin server that tells it where it may retrieve a
> > sanitized summary of the data.
> 
> Actually, I believe he was suggesting a URL in the *other*  
> direction.  Allowing report retrieval from the proxy by the origin  
> server would either be less secure, or even more complex and  
> unreliable.
> 
> > In regard to the proxy passing logfile info to servers, I
> > do hope people discussing these issues have looked at the
> > Security section of the HTTP spec.
> 
> Yes, to be more careful, the log info should rather be:
> 
> 	*.domain [request-id] timestamp [referer]
> 
> where "*.domain" is the hostname sanitized with wildcards as  
> needed; the optional Referer is null when it would conflict with  
> security; and the presence or absence of the Request-ID is  
> controlled at the client (is there any reason for further control at  
> the proxy?).
All users arent enough picky about security, and a proxy administrator should
have possibility to make corrections, when users are weak.
> Proxy chains behind firewalls can also be handled systematically,  
> either by reprocessing the forwarded log info, or more crudely by  
> removing all the log info and retaining only "count" clauses.
This is that further control.

Andrew. (Endre Balint Nagy) <bne@bne.ind.eunet.hu>
Received on Monday, 14 August 1995 23:18:19 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:24 EDT