- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 21 Feb 2013 18:21:02 +1100
- To: Willy Tarreau <w@1wt.eu>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 21/02/2013, at 6:06 PM, Willy Tarreau <w@1wt.eu> wrote:
> That's a great test, thanks for reporting this !
> I think that some experiments may be pursued using :
> - valid, known methods and versions (eg: POST * HTTP/1.1)
> - Connection header
>
> I suspect that POST will be blocked on a large number of minimal web
> servers (the least compliant ones), add to that "*" which will most
> often not be accepted, and HTTP/1.1 without a Host header field might
> help getting a quick fail. At this point, I don't know if a Connection
> header could help or not (typically Upgrade).
Hm. POST has a body, so some might try to buffer it, hanging. Anyway, that's a theory; let's look at the numbers:
POST * HTTP/1.1\r\n\r\n
27607 CLOSE
232 CONN_ERR
7309 TIMEOUT
Yep, not as good.
--
Mark Nottingham http://www.mnot.net/
Received on Thursday, 21 February 2013 07:21:29 UTC