Re: Host: header and port number from Shel Kaphan on 1996-01-24 (ietf-http-wg@w3.org from January to March 1996)

From: Shel Kaphan <sjk@amazon.com>
Date: Tue, 23 Jan 1996 23:22:27 -0800
To: Balint Nagy Endre <bne@bne.ind.eunet.hu>
Cc: http WG <http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com>
Message-Id: <199601240722.XAA28277@bert.amazon.com>

Balint Nagy Endre writes:
 > Shel Kaphan writes:
	...
 > > For example you could set up externally visible services on ports
 > > 8000, 8001, 8002, ... and have them all translate down to port 80 (or
 > > whatever) on the inside of the firewall.
	...
 > > --Shel

 > Hmm. If a request contains a port number different from the port to which
 > it's sent, then the server is question should
 > 1. refuse the request if it isn't acting as proxy
 > 2. forward it in a usual way, if provides proxy service.
	...
 > Andrew. (Endre Balint Nagy) <bne@bne.ind.eunet.hu>

What happens inside a local network doesn't have to be so
standardized.  As has been pointed out before, though the
functionality is similar, gateways provide a different service than
proxies.  An http server running on a firewall which is intended to
provide service to users outside a local network may support services
visible on the outside of the firewall that the server's managers
would like to be handled in special ways on the inside.  ***If I had
software that could do this stuff, I'd be using it*** Just because the
externally visible request is on port N, doesn't mean the request has
to be communicated on port N inside the firewall.  If the protocol
allowed this information to stay in some part of the request, so that
the servers inside the firewall could be standard servers, then the
original request could be sent unmolested, even if on a different TCP
port.  Otherwise, to get a similar effect, the gateway server running
on the firewall would have to perform hostname or URL translations or
some other similarly hard to manage hack to differentiate between
requests to the same host but different ports.  I see no reason why a
server -- especially one running inside a private net -- would have to
check that the port in the request matched the actual TCP port to
which it was listening.

But since this seems somehow to be a "done deal" it isn't worth
arguing about it too much.  In fact, I just wasted 15 minutes
composing this!

Received on Wednesday, 24 January 1996 00:16:29 UTC