On Mon, Jul 7, 2014 at 4:16 PM, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > In message < > CAP+FsNfLuFj9aFVVzy6khFBZHmB5FMeFm0+2GLSw_KVQQppyqg@mail.gmail.com>, > Roberto Peon wri > tes: > > >Lets make it concrete. > >Client A,is speaking to a proxy B, to servers C, D. > >Server C wants a max header limit of 4k. > >Server D wants a max header limit of 8k. > > > >What does proxy B do? > > What is proxy B's job? > > If proxy B is a corporate SOX-compliance proxy that needs your > kerberos ticket to let you through, it will tell you that it > takes 64K frames and send you 413 if the headerset is bigger > than what C or D (depending on Host:) will accept, after having > stripped the Kerberos ticket out. > Sure. > > If proxy B is a CDN with two servers behind RFC1149 connectivity, > it will announce something big enough for what you might send > and then it will file away at the headers, in contract with > server C and D, until they are small enough to tied to the legs. > And if it can't, then it will 413 the request for lack of any other option. > > If proxy B is a load-balancer in front of C and D, it will > advertise the max, ie 8K, and if you send an 8K header > destined for server C, it will either send you a 413 or > in contract with server C rewrite the request so server > C gets to emit the 413. > Agreed. I'll note that we're still needing to send 413s from proxies/loadbalancers/gateways in many cases. -=R > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. >
Received on Monday, 7 July 2014 23:23:09 UTC