RE: proxies rewriting URLs

On Fri, 8 Mar 1996, Paul Leach wrote:

> Any digest that included the URI would be wrong if the URI is munged by 
> the proxy. It would break Digest Authentication, for example.
> ----------
> ] From: Larry Masinter  <masinter@parc.xerox.com>
> ] To:  <"http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com">;
> ] <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
> ] Subject: proxies rewriting URLs
> ] Date: Wednesday, March 06, 1996 11:52PM
> ]
> ] Apologies if this is clear in the text, but it didn't seem to be when
> ] I scanned 1.1. Some older proxies seemed to be modifying URLs, e.g.,
> ]
> ] if you
> ]
> ]     GET http://foo.com/test#frob HTTP/1.0
> ]
> ] they might ask foo.com for
> ]
> ]     GET /test%23frob HTTP/1.0
> ]
> ] or vice versa. Is there any reason to disallow this, and if so, what
> ] language would be put in the spec to disallow it; alternatively, if
> ] proxies might do this kind of transformation, what should we say?
> ]

Actually, a proxy munging the URL will cause no problem for digest
authentication.  The URL is duplicated in the uri field of the 
authentication header to deal with exactly this issue.  Of course,
if a proxy munges the Authorization: header then there will be 
problems.

Preventing proxies from munging headers is still a good idea though.

John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu

Received on Sunday, 10 March 1996 16:44:57 UTC