W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2004

Bad header syntax -- is this par for the course?

From: Jamie Lokier <jamie@shareable.org>
Date: Wed, 23 Jun 2004 12:42:25 +0100
To: ietf-http-wg@w3.org
Message-ID: <20040623114225.GB31501@mail.shareable.org>

Take a look at the HTTP response below, from a real server.
The line beginning with "CP" is clearly not valid HTTP/1.0 or HTTP/1.1
syntax.

Is this sort of thing commonplace?

I was rather hoping to write a proxy that could at least assume the
basic lexical syntax of HTTP/1.0 and /1.1 -- so as not to forward
invalid syntax, which is a security hole -- but it appears not.

Is there a well known of server/proxy bugs, and the workarounds needed
by a robust client/proxy in the real world, so I don't have to repeat
the research people have done before?

(There's a fairly good list of known client bugs at apache.org, but
they don't document server/proxy bugs).

Thanks,
-- Jamie


[jamie@mail jamie]$ telnet www.qvcuk.com 80
Trying 167.140.19.50...
Connected to www.qvcuk.com.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.qvcuk.com

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 23 Jun 2004 11:35:32 GMT
CP="IDC DSP COR LAW CURa ADMi DEVi TAIi PSAi PSDi OUR IND UNI": CP="IDC DSP COR LAW CURa ADMi DEVi TAIi PSAi PSDi OUR IND UNI"
X-Powered-By: ASP.NET
Connection: close
Content-Type: text/html

Connection closed by foreign host.
[jamie@mail jamie]$
Received on Wednesday, 23 June 2004 07:42:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:31 GMT