Re: HTTP/2.0 Magic from Mark Nottingham on 2013-02-21 (ietf-http-wg@w3.org from January to March 2013)

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 21 Feb 2013 18:35:04 +1100
To: Willy Tarreau <w@1wt.eu>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <5C4A8E44-E81C-486C-A1C1-C9D0E2B4BD21@mnot.net>

On 21/02/2013, at 6:29 PM, Willy Tarreau <w@1wt.eu> wrote:

> On Thu, Feb 21, 2013 at 06:21:02PM +1100, Mark Nottingham wrote:
>> 
>> On 21/02/2013, at 6:06 PM, Willy Tarreau <w@1wt.eu> wrote:
>> 
>>> That's a great test, thanks for reporting this !
>>> I think that some experiments may be pursued using :
>>> - valid, known methods and versions (eg: POST * HTTP/1.1)
>>> - Connection header
>>> 
>>> I suspect that POST will be blocked on a large number of minimal web
>>> servers (the least compliant ones), add to that "*" which will most
>>> often not be accepted, and HTTP/1.1 without a Host header field might
>>> help getting a quick fail. At this point, I don't know if a Connection
>>> header could help or not (typically Upgrade).
>> 
>> Hm. POST has a body, so some might try to buffer it, hanging. Anyway, that's a theory; let's look at the numbers:
>> 
>> POST * HTTP/1.1\r\n\r\n
>>  27607 CLOSE
>>    232 CONN_ERR
>>   7309 TIMEOUT
>> 
>> Yep, not as good. 
> 
> Indeedr, thanks!
> 
> Do you know if the ones which timeout in your tests respond to
> anything ? And if so, maybe we'll find some patterns (eg: just
> a few very specific implementations) that are worth studying ?
> 
> It's also possible that those are blocked by IDS/IPS in front
> of them simply dropping packets, at which point trying completely
> valid requests might help.


Here's the top 50 Server strings from the 3589 TIMEOUTs from the best one so far (the tail is *long*):

    587 Microsoft-IIS/6.0
    386 Apache
    379 -
    280 Microsoft-IIS/7.5
     56 Microsoft-HTTPAPI/2.0
     49 Microsoft-IIS/7.0
     46 Apache-Coyote/1.1
     44 Apache/2.2.3 (Red Hat)
     37 Apache/2.2.3 (CentOS)
     26 IBM_HTTP_Server
     19 Microsoft-IIS/5.0
     18 nginx
     17 BigIP
     16 Apache/2.2.16 (Debian)
     15 Apache/2.2.14 (Ubuntu)
     12 Sun-ONE-Web-Server/6.1
     12 Apache/2.0.52 (Red Hat)
     10 Mbedthis-Appweb/2.4.2
     10 LiteSpeed
      9 Lotus-Domino
      8 Netscape-Enterprise/6.0
      8 Apache/2.2.15 (Red Hat)
      8 Apache/1.3.31
      7 FlashCom/3.5.7
      7 Apache/2
      7 
      6 squid/3.0.STABLE20
      6 Servidor-Web
      6 Oracle-iPlanet-Web-Server/7.0
      6 nginx/0.7.67
      6 Microsoft-IIS/6.0, 2
      6 Apache/2.2.22 (Ubuntu)
      5 Netscape-Enterprise/4.1
      5 FileMakerPro/6.0v4 WebCompanion/6.0v3
      5 FileMakerPro/6.0v4 WebCompanion/6.0v1
      5 Apache/2.2.3 (Linux/SUSE)
      5 Apache/2.2.15 (CentOS)
      5 Apache/2.2.10 (Linux/SUSE)
      4 Zeus/4.3
      4 nginx/1.2.4
      4 Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 Resin/3.1.6
      4 Apache/2.2.0 (Fedora)
      3 Zope/(Zope 2.10.13-final, python 2.4.6, linux2) ZServer/1.1 Plone/3.3.6
      3 none
      3 Apache/2.4.3 (Unix)
      3 Apache/2.2.3 (Unix) mod_jk/1.2.19 mod_ssl/2.2.3 OpenSSL/0.9.8d
      3 Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8a DAV/2 PHP/5.3.2
      3 Apache/2.2.20 (Ubuntu)
      3 Apache/2.2.17 (Fedora)
      3 Apache/2.2.12 (Linux/SUSE)


--
Mark Nottingham   http://www.mnot.net/

Received on Thursday, 21 February 2013 07:35:31 UTC