- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Sat, 16 Mar 2013 12:35:57 -0500
- To: Willy Tarreau <w@1wt.eu>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Mar 16, 2013 at 11:43 AM, Willy Tarreau <w@1wt.eu> wrote: > On Sat, Mar 16, 2013 at 11:26:15AM -0500, Zhong Yu wrote: >> Quoting http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-22#section-5.4 >> >> A client MUST send a Host header field in all HTTP/1.1 request >> messages. >> >> If the target URI includes an authority component, then >> the Host field-value MUST be identical to that authority component >> after excluding any userinfo (Section 2.7.1). >> >> If the authority >> component is missing or undefined for the target URI, then the Host >> header field MUST be sent with an empty field-value. >> >> Can someone elaborate on the last sentence and give an example? Thanks. > > It means that if the only thing you know is the path on the target server > and you have no idea about the host, then you must send the Host header > field anyway, but it must be left empty. For example, a load balancer > may send the following request to check that a server is alive or not, > whatever the virtual hosts installed on the server : > > GET /alive HTTP/1.1 > Host: Is this really a legitimate HTTP request? We can't construct an HTTP URL from it, so it's unclear what it is requesting. Of course, the load balancer doesn't care about legality when it just wants to do a ping. Then why not simply send a request *without* Host header? Certainly the server will not crash because of that. The load balancer should receive a 400 response. Zhong Yu
Received on Saturday, 16 March 2013 17:36:25 UTC