- From: Balint Nagy Endre <bne@bne.ind.eunet.hu>
- Date: Tue, 15 Aug 1995 08:06:38 +0200 (MET DST)
- To: burchard@cs.princeton.edu
- Cc: http wg discussion <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Paul Burchard <burchard@cs.princeton.edu> writes: > "Balint Nagy Endre" <bne@bne.ind.eunet.hu> writes: > > I think the detailed reporting mechanism can better be > > done external to the http protocol. > > I don't think externally routed reports create the proper > incentives for wide adoption -- it's a fragile system that requires > too much advance cooperation. In contrast, the forwarding of > "bundled requests" upon expiration requires no additional > cooperation between servers and proxies. I mean detailed reports, not the bare hit counts. Who really needs the statistics, will be willing to work a bit for having them. > > resulting many 1000 char continuation lines may break > > too many implementations > > Since multiple Forwarded headers are allowed, this isn't a problem. > We can recommend an upper limit on the size of each Forwarded > header; proxies can then simply collect and compress the logfile in > chunks as they process large numbers of requests. How can split into small chunks the statistics gathered over the whole expiry period a cache serving thousands of users ? Even in compressed format, this will occupy a significant space, compared to every-day request headers! > > Roy Fielding <fielding@beach.w3.org> writes: > > Like Andrew mentioned, this is best done by passing a URL > > to the origin server that tells it where it may retrieve a > > sanitized summary of the data. > > Actually, I believe he was suggesting a URL in the *other* > direction. Allowing report retrieval from the proxy by the origin > server would either be less secure, or even more complex and > unreliable. > > > In regard to the proxy passing logfile info to servers, I > > do hope people discussing these issues have looked at the > > Security section of the HTTP spec. > > Yes, to be more careful, the log info should rather be: > > *.domain [request-id] timestamp [referer] > > where "*.domain" is the hostname sanitized with wildcards as > needed; the optional Referer is null when it would conflict with > security; and the presence or absence of the Request-ID is > controlled at the client (is there any reason for further control at > the proxy?). All users arent enough picky about security, and a proxy administrator should have possibility to make corrections, when users are weak. > Proxy chains behind firewalls can also be handled systematically, > either by reprocessing the forwarded log info, or more crudely by > removing all the log info and retaining only "count" clauses. This is that further control. Andrew. (Endre Balint Nagy) <bne@bne.ind.eunet.hu>
Received on Monday, 14 August 1995 23:18:19 UTC