[PATCH] Normalizing the Host: header
Poul-Henning Kamp
phk at phk.freebsd.dk
Mon Mar 14 17:08:40 CET 2011
In message <10ABE5A2-05CF-47CF-8FA7-FC5A0ECB6C91 at mosso.com>, Adrian Otto writes
:
>In this case, I offer the advice that all host related headers should be
>case folded, because DNS naming is case insensitive. So essentially
>anywhere Varnish handles a hostname for any comparison, it should follow
>the same rules.
Yeah, and that is where the trouble start, short at guessing, we have
no way of knowing which strings are hostnames and which are not.
(think X-My-Secret and cookies...)
Rather than venture into guessing, my attitude so far has been to
take a hands off aproach and force people to think about this
themselves.
Obviously that is nor particularly practical either.
What I'm looking for is the sensible middle ground...
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-dev
mailing list