RE: Fun w/ Proxies-Firewalls

1. The Raptor text is nonsense. Anyone can send any method they damn well
please over 1.0 or 1.1. Saying OPTIONS is not part of HTTP/1.0 is like
saying you can't use any functions in C that aren't defined in K&R. Now,
their complaint about the use of "*" is more reasonable, but since they
apparently support the Host header they really have nothing to complain
about. They should just act dumb and blindly pass it on.

2. Any Windows system running WebDAV must be using at least IE 5.0 and IE
5.0 defaults to HTTP/1.0 whenever it talks to a proxy. This behavior can be
overridden if you can reach deep enough into tools - internet options -
advanced - HTTP/1.1 settings. The reason for this behavior is that we found
a number of 1.0 proxies which do not change the version number on
requests/responses to 1.0. I send a 1.1 request to the proxy and get back a
1.1 response, so I figure I'm on a 1.1 clean connection, then things go bad
because I'm not. Now the Via header would be a real good tip off here but
what happens if the first proxy really is 1.1 but the next one isn't? All
these problems have workarounds but in practice nobody implemented them, so
we decided to stay on the safe side. This shouldn't, however, have stopped
Web Folders from working through a proxy.

3. I just connected to http://msdav.lyra.org/dav/ and
http://sandbox.xerox.com:8080/ through a MS proxy using Web Folders w/out
any problem. The entire communication was over HTTP/1.0.

		Yaron

> -----Original Message-----
> From: Kevin Wiggen [mailto:wiggs@wiggenout.com]
> Sent: Saturday, August 21, 1999 9:33 AM
> To: Joe Orton
> Cc: w3c-dist-auth@w3.org
> Subject: RE: Fun w/ Proxies-Firewalls
> 
> 
> 
> This is a good point.  I was working with Raptor v5 & v6 for HTTP proxy
> services, a Squid?? (that one is a friend of mine) proxy, and the
> JavaWebserver Proxy.
>
> We were looking at the Logs of the Proxies as we went.  When the checkbox
> for "use proxy" is set in IE, it simply never sends the OPTIONS request....
>
> On that same note, if your client mistakenly sends an OPTIONS with a
> HTTP/1.0 Header, most Firewalls I looked at will block it.  So be careful.
> (I noticed that the GET /_vti stuff still sends HTTP/1.0 headers.  I thought
> this might be the problem, but by viewing the logs it was not)  In viewing
> the Sharemation logs, there are some OPTIONS requests with the 1.0 Header.
> The following is out of the Raptor FAQ:
> 
> <RAPTOR>
> 219 Can't parse URL:  (OPTIONS * HTTP/1.0 ......
> The browser requested the use of the OPTIONS methods, but OPTIONS is not
> part of the HTTP/1.0 standard.  It is part of HTTP/1.1.  The browser may be
> allowed to ask for it, but it should specify HTTP/1.1 in the request header.
> The Raptor Firewall acts correctly in refusing to support it.
> </RAPTOR>
> 
> Kevin
> 

Received on Saturday, 21 August 1999 18:40:51 UTC
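
The version ambiguity described in point 2 of the reply, as an added example that is not part of the original message: it parses a response's Via header and reports the lowest HTTP version on the path, so a 1.1 status line relayed through a 1.0 hop is not mistaken for a clean 1.1 connection. The function names, host names and header values are constructed for illustration.

```python
import re

def split_via(value):
    """Split a Via field value on commas that are outside (comments)."""
    parts, depth, cur = [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def via_hops(value):
    """Return [(protocol_name, (major, minor), received_by), ...] per hop."""
    hops = []
    for elem in split_via(value):
        fields = elem.split(None, 2)       # protocol, received-by, [comment]
        if len(fields) < 2:
            continue                       # malformed element, ignore it
        name, _, ver = fields[0].rpartition("/")
        m = re.fullmatch(r"(\d+)(?:\.(\d+))?", ver)
        if m:
            # The protocol name is optional in Via and defaults to HTTP.
            hops.append((name or "HTTP", (int(m[1]), int(m[2] or 0)), fields[1]))
    return hops

def path_version(status_line, via_value=""):
    """Lowest HTTP version seen: the status line plus every HTTP Via hop."""
    m = re.match(r"HTTP/(\d+)\.(\d+)\s", status_line)
    if not m:
        raise ValueError("not an HTTP status line: %r" % status_line)
    versions = [(int(m[1]), int(m[2]))]
    versions += [v for n, v, _ in via_hops(via_value) if n.upper() == "HTTP"]
    return min(versions)

if __name__ == "__main__":
    # Constructed sample: first proxy speaks 1.1, the next one only 1.0.
    via = "1.1 proxy-a.example, 1.0 proxy-b.example (Gateway, v2)"
    print(path_version("HTTP/1.1 200 OK", via))   # downgraded path
    # No Via at all: a 1.0 proxy that neither rewrites the version nor adds
    # Via cannot be detected this way, which is the case the reply describes.
    print(path_version("HTTP/1.1 200 OK"))
```
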