- From: Willy Tarreau <w@1wt.eu>
- Date: Sat, 16 Mar 2013 19:15:28 +0100
- To: Zhong Yu <zhong.j.yu@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sat, Mar 16, 2013 at 12:35:57PM -0500, Zhong Yu wrote: > > GET /alive HTTP/1.1 > > Host: > > Is this really a legitimate HTTP request? I know at least one server which accepts it but does not accept a request without "Host". > We can't construct an HTTP > URL from it, so it's unclear what it is requesting. Ii depends. When all you need is direct connectivity (I mean an address-agnostic request), http:///path/ could very well be valid. For example when you connect over a local unix socket, you have no ip nor address to indicate either in the request. > Of course, the load balancer doesn't care about legality when it just > wants to do a ping. Then why not simply send a request *without* Host > header? Certainly the server will not crash because of that. The load > balancer should receive a 400 response. The server will return a 400 indicating an error instead of processing it as a valid request. You'll also note that on a number of web sites you can get the default Host name when you only know the ip:port by sending such a request, because they respond with a 301 redirect with the FQDN in the URL :-) Willy
Received on Saturday, 16 March 2013 18:16:02 UTC