Re: HTTP/1.1 CONNECT request without Host header

the interesting thing is that for the CONNECT method, RFC2616 doesn't 
say explicitly what part of the request provides the host information 
for the connection.  It only does this for AbsoluteURI and abs_path, not 
authority or "*" ( since Request-URI := "*" | AbsoluteURI | abs_path | 
authority )

The RFC for tunnelling does however.  So basically we're saying the Host 
header must be there, but it must be ignored.

I guess there are still enough proxies out there willing to honour an 
HTTP/1.1 CONNECT request without one, else the vendors of this software 
would have fixed it by now.

Cheers

Adrien


Daniel Stenberg wrote:
> On Wed, 17 Jun 2009, Adrien de Croy wrote:
>
>> I recently updated our proxy to reject all HTTP/1.1 messages from 
>> clients that lack a Host header.
>>
>> This has been found to break a number of clients which use the 
>> CONNECT method.
>
> Let me also mention that I remember that back in the days when I wrote 
> my first CONNECT requests, they were being ignored or not at least not 
> treated well by many proxies when we did them without Host: header.
>
> I haven't checked this situation in a long time, but I would assume 
> that this is still at least partly the case. Thus, doing CONNECTs 
> host-less is already non functional in the real world.
>

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com

Received on Wednesday, 17 June 2009 10:26:26 UTC