W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: HTTP/2.0 Magic

From: Willy Tarreau <w@1wt.eu>
Date: Thu, 21 Feb 2013 08:29:17 +0100
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <20130221072917.GE6463@1wt.eu>
On Thu, Feb 21, 2013 at 06:21:02PM +1100, Mark Nottingham wrote:
> 
> On 21/02/2013, at 6:06 PM, Willy Tarreau <w@1wt.eu> wrote:
> 
> > That's a great test, thanks for reporting this !
> > I think that some experiments may be pursued using :
> >  - valid, known methods and versions (eg: POST * HTTP/1.1)
> >  - Connection header
> > 
> > I suspect that POST will be blocked on a large number of minimal web
> > servers (the least compliant ones), add to that "*" which will most
> > often not be accepted, and HTTP/1.1 without a Host header field might
> > help getting a quick fail. At this point, I don't know if a Connection
> > header could help or not (typically Upgrade).
> 
> Hm. POST has a body, so some might try to buffer it, hanging. Anyway, that's a theory; let's look at the numbers:
> 
> POST * HTTP/1.1\r\n\r\n
>   27607 CLOSE
>     232 CONN_ERR
>    7309 TIMEOUT
> 
> Yep, not as good. 

Indeedr, thanks!

Do you know if the ones which timeout in your tests respond to
anything ? And if so, maybe we'll find some patterns (eg: just
a few very specific implementations) that are worth studying ?

It's also possible that those are blocked by IDS/IPS in front
of them simply dropping packets, at which point trying completely
valid requests might help.

Willy
Received on Thursday, 21 February 2013 07:29:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 21 February 2013 07:29:49 GMT