W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

RE: Implications of introducing new scheme and port for existing HTTP servers

From: Rob Polansky <polansky@raptor.com>
Date: Tue, 2 Jun 1998 09:05:32 -0400
To: "David W. Morris" <dwm@xpasc.com>
Cc: http-wg <http-wg@cuckoo.hpl.hp.com>, ipp@pwg.org
Message-Id: <001501bd8e27$1fe3bf50$cb0115ac@raptor.com>
I know of at least one :-) firewall that not only rejects unknown methods
but also examines the HTTP request method as part of its "algorithm". From a
protocol and security perspective, it appears to be the right thing to do.
If you don't understand the method, how can you properly proxy it? Take the
CONNECT method as an example.

In summary, any proxy that is more than a simple packet passer (supports
CONNECT, protocol conversion, proxy authentication, etc.) runs the risk of
failing to pass IPP if it uses a new scheme and/or a new method. Not that
that's a bad thing... :-)

-Rob Polansky

> -----Original Message-----
> From: David W. Morris [mailto:dwm@xpasc.com]
> Sent: Monday, June 01, 1998 10:34 PM
> To: Carl-Uno Manros
> Cc: http-wg@cuckoo.hpl.hp.com; ipp@pwg.org; http-wg@hplb.hpl.hp.com
> Subject: Re: Implications of introducing new scheme and port for
> existing HTTP servers
>
> (I'm also not wild about new HTTP methods as I know of existing proxies
> which will reject unknown methods. Don't know of any which will accept
> unknown methods. I'm also unaware of any firewall software which examines
> the HTTP request method as part of its algorithm but then I'm not a
> firewall expert.)
>
Received on Tuesday, 2 June 1998 06:09:07 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:18 EDT