From nobody@hyperreal.com Sat Dec 21 12:12:32 1996 Received: by taz.hyperreal.com (8.8.3/V2.0) id MAA05722; Sat, 21 Dec 1996 12:12:32 -0800 (PST) Message-Id: <199612212012.MAA05722@taz.hyperreal.com> Date: Sat, 21 Dec 1996 12:12:32 -0800 (PST) From: Kris Rehberg Reply-To: kjrehberg@aol.com To: apbugs@hyperreal.com Subject: When client asks for HTTP/1.0, Apache returns HTTP/1.1 and 1.1-formatted headers X-Send-Pr-Version: 3.2 >Number: 55 >Category: protocol >Synopsis: When client asks for HTTP/1.0, Apache returns HTTP/1.1 and 1.1-formatted headers >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat Dec 21 12:20:01 1996 >Last-Modified: Thu Jan 23 16:19:19 PST 1997 >Originator: kjrehberg@aol.com >Organization: >Release: 1.2b2 >Environment: Any >Description: When a client asks for HTTP/1.0 in the http request, Apache still gives back HTTP/1.1 headers. This confuses most proxy software and is incorrect behavior. When the client asks for HTTP/1.0 in the URL request, it expects HTTP 1.0 and 1.0-formatted headers back from the server. Unfortunately, Apache returns HTTP 1.1 and 1.1-formatted headers. The explanation that it returns 1.1 headers is because Apache is "advertising" that it can support 1.1 headers, but this explanation is wrong and is breaking proxy systems such as the proxy system at America Online. Currently, AOL members cannot even visit www.apache.org because of this, nor can they visit other Apache sites running 1.2b2. We have 'hacked' a 1.2b2 site to return the proper 1.0 headers, by changing the "HTTP 1.1" response to "HTTP 1.0", but that's only a hack. Apache should be returning the correct headers in any case. Isn't that the reason the HTTP 1.0 spec required people to append " HTTP/versionnumber" after each URL? It sounds logical to me. But, in the meantime, potentially millions (even tens of millions) of AOL web hits are not getting to Apache web servers at this time. >How-To-Repeat: Just log onto AOL and try to visit www.apache.org. >Fix: Start returning HTTP 1.0 headers when the client asks for HTTP 1.0 headers like servers are supposed to. Good luck, and thanks. %0 >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: fielding State-Changed-When: Thu Jan 23 16:19:18 PST 1997 State-Changed-Why: Apache correctly sends the highest minor version that it supports within the same major version as requested by the client. That is how HTTP is defined to work, for both HTTP/1.0 and HTTP/1.1, and what I intended when I wrote the HTTP specification. Thank you for fixing the reported problem within the AOL proxy code. >Unformatted: