- From: Ben Laurie <ben@algroup.co.uk>
- Date: Fri, 31 May 1996 20:03:57 +0100
- To: HTTP Working Group <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Section 3.3.1 Strictly speaking Universal Time (which I think is actually UTC, not UT) is _not_ the same as GMT - they are guaranteed to be within 0.6s of each other. Section 5.1 'The origin server MUST decode the Request-URI in order to properly interpret the request. In requests that they forward, proxies MUST NOT rewrite the "abs_path" part of a Request-URI in any way except as noted above to replace a null abs_path with "*". Invalid Request-URIs SHOULD be responded to with an appropriate status code. Proxies MAY transform the Request-URI for internal processing purposes, but MUST NOT send such a transformed Request-URI in forwarded requests. Note: This rule ensures that the form of Request-URI is well specified, to enable future extensions without fear that they will break in the face of some rewritings. One consequence of rewriting the Request-URI is that integrity or authentication checks by the server may fail. Implementers should be aware that some pre-HTTP/1.1 proxies have been known to rewrite the Request-URI.' Speaking as one of those responsible for maintaining the Apache proxy module, I wonder about the intent of this paragraph - if a proxy is permitted to rewrite, presumably to make such transformations as a/./b -> a/b and a/b/../c -> a/c, then it hardly seems fair to allow the server to interpret them in a different way. Is this what is intended or are there other kinds of rewriting which it seeks to forbid? Cheers, Ben. -- Ben Laurie Phone: +44 (181) 994 6435 Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director Email: ben@algroup.co.uk A.L. Digital Ltd. URL: http://www.algroup.co.uk London, England.
Received on Friday, 31 May 1996 11:59:09 UTC