W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: Host header with an empty value?

From: Zhong Yu <zhong.j.yu@gmail.com>
Date: Sat, 16 Mar 2013 12:35:57 -0500
Message-ID: <CACuKZqHq+h7uLuX8yVWy02eWksZgfE-K4+z1ks5EDyK5ec9iew@mail.gmail.com>
To: Willy Tarreau <w@1wt.eu>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Mar 16, 2013 at 11:43 AM, Willy Tarreau <w@1wt.eu> wrote:
> On Sat, Mar 16, 2013 at 11:26:15AM -0500, Zhong Yu wrote:
>> Quoting http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-22#section-5.4
>>    A client MUST send a Host header field in all HTTP/1.1 request
>>    messages.
>>    If the target URI includes an authority component, then
>>    the Host field-value MUST be identical to that authority component
>>    after excluding any userinfo (Section 2.7.1).
>>    If the authority
>>    component is missing or undefined for the target URI, then the Host
>>    header field MUST be sent with an empty field-value.
>> Can someone elaborate on the last sentence and give an example? Thanks.
> It means that if the only thing you know is the path on the target server
> and you have no idea about the host, then you must send the Host header
> field anyway, but it must be left empty. For example, a load balancer
> may send the following request to check that a server is alive or not,
> whatever the virtual hosts installed on the server :
>         GET /alive HTTP/1.1
>         Host:

Is this really a legitimate HTTP request? We can't construct an HTTP
URL from it, so it's unclear what it is requesting.

Of course, the load balancer doesn't care about legality when it just
wants to do a ping. Then why not simply send a request *without* Host
header? Certainly the server will not crash because of that. The load
balancer should receive a 400 response.

Zhong Yu
Received on Saturday, 16 March 2013 17:36:25 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:10 UTC