RFC 3143, "Known HTTP Proxy/Caching Problems", June 2001Source of RFC: Legacy
Area Assignment: app
Errata ID: 1634
Status: Held for Document Update
Publication Format(s) : TEXT
Reported By: Julian Reschke
Date Reported: 2008-12-13
Held for Document Update by: Alexey Melnikov
Date Held: 2010-11-06
Section 2.2.2 says:
2.2.2 Interception proxies prevent introduction of new HTTP methods Name Interception proxies prevent introduction of new HTTP methods Classification Architecture Description A proxy that receives a request with a method unknown to it is required to generate an HTTP 501 Error as a response. HTTP methods are designed to be extensible so there may be applications deployed with initial support just for the user agent and origin server. An interception proxy that hijacks requests which include new methods destined for servers that have implemented those methods creates a de-facto firewall where none may be intended. Significance Medium within interception proxy environments. Implications Renders new compliant applications useless unless modifications are made to proxy software. Because new methods are not required to be globally standardized it is impossible to keep up to date in the general case. Solution(s) Eliminate the need for interception proxies. A client receiving a 501 in a traditional HTTP environment may either choose to repeat the request to the origin server directly, or perhaps be configured to use a different proxy. Workaround Level 5 switches (sometimes called Level 7 or application layer switches) can be used to keep HTTP traffic with unknown methods out of the proxy. However, these devices have heavy buffering responsibilities, still require TCP sequence number spoofing, and do not interact well with persistent connections. The HTTP/1.1 specification allows a proxy to switch over to tunnel mode when it receives a request with a method or HTTP version it does not understand how to handle. Contact Patrick McManus <mcmanus@AppliedTheory.com> Henrik Nordstrom <email@example.com> (HTTP/1.1 clarification)
It should say:
- none -
The whole subsection needs to be removed. There is no requirement in RFC2616 for proxies to generate a 501 status for unknown methods.
Mark Nottingham wrote: I don't think that deleting this section is the right answer; some interception proxies *do* prevent the introduction of new methods; it's just the text about 501 that's wrong.