Found 1 record.

Status: Held for Document Update (1)

RFC 3143, "Known HTTP Proxy/Caching Problems", June 2001

Errata ID: 1634
Status: Held for Document Update
Type: Technical
Publication Format(s) : TEXT
Reported By: Julian Reschke
Date Reported: 2008-12-13
Held for Document Update by: Alexey Melnikov
Date Held: 2010-11-06

Section 2.2.2 says:

2.2.2 Interception proxies prevent introduction of new HTTP methods

   Name
      Interception proxies prevent introduction of new HTTP methods

   Classification
      Architecture

   Description
      A proxy that receives a request with a method unknown to it is
      required to generate an HTTP 501 Error as a response.  HTTP
      methods are designed to be extensible so there may be applications
      deployed with initial support just for the user agent and origin
      server.  An interception proxy that hijacks requests which include
      new methods destined for servers that have implemented those
      methods creates a de-facto firewall where none may be intended.

   Significance
      Medium within interception proxy environments.

   Implications
      Renders new compliant applications useless unless modifications
      are made to proxy software.  Because new methods are not required
      to be globally standardized it is impossible to keep up to date in
      the general case.

   Solution(s)
      Eliminate the need for interception proxies.  A client receiving a
      501 in a traditional HTTP environment may either choose to repeat
      the request to the origin server directly, or perhaps be
      configured to use a different proxy.

   Workaround
      Level 5 switches (sometimes called Level 7 or application layer
      switches) can be used to keep HTTP traffic with unknown methods
      out of the proxy.  However, these devices have heavy buffering
      responsibilities, still require TCP sequence number spoofing, and
      do not interact well with persistent connections.

      The HTTP/1.1 specification allows a proxy to switch over to tunnel
      mode when it receives a request with a method or HTTP version it
      does not understand how to handle.

   Contact
      Patrick McManus <mcmanus@AppliedTheory.com>
      Henrik Nordstrom <hno@hem.passagen.se> (HTTP/1.1 clarification)

It should say:

- none -

Notes:

The whole subsection needs to be removed. There is no requirement in RFC2616 for proxies to generate a 501 status for unknown methods.

Mark Nottingham wrote: I don't think that deleting this section is the right answer; some interception proxies *do* prevent the introduction of new methods; it's just the text about 501 that's wrong.

Report New Errata