- From: Jamie Lokier <jamie@shareable.org>
- Date: Wed, 23 Jun 2004 12:42:25 +0100
- To: ietf-http-wg@w3.org
Take a look at the HTTP response below, from a real server. The line beginning with "CP" is clearly not valid HTTP/1.0 or HTTP/1.1 syntax. Is this sort of thing commonplace? I was rather hoping to write a proxy that could at least assume the basic lexical syntax of HTTP/1.0 and /1.1 -- so as not to forward invalid syntax, which is a security hole -- but it appears not. Is there a well known of server/proxy bugs, and the workarounds needed by a robust client/proxy in the real world, so I don't have to repeat the research people have done before? (There's a fairly good list of known client bugs at apache.org, but they don't document server/proxy bugs). Thanks, -- Jamie [jamie@mail jamie]$ telnet www.qvcuk.com 80 Trying 167.140.19.50... Connected to www.qvcuk.com. Escape character is '^]'. HEAD / HTTP/1.1 Host: www.qvcuk.com HTTP/1.1 200 OK Server: Microsoft-IIS/5.0 Date: Wed, 23 Jun 2004 11:35:32 GMT CP="IDC DSP COR LAW CURa ADMi DEVi TAIi PSAi PSDi OUR IND UNI": CP="IDC DSP COR LAW CURa ADMi DEVi TAIi PSAi PSDi OUR IND UNI" X-Powered-By: ASP.NET Connection: close Content-Type: text/html Connection closed by foreign host. [jamie@mail jamie]$
Received on Wednesday, 23 June 2004 07:42:34 UTC