[Nagiosplug-devel] Re: check_http does not send port in Host field of GET request

Paul L. Allen pla at softflare.com
Wed Mar 10 14:05:01 CET 2004


SourceForge.net writes: 

> I need the port reflected in the Host: field of the GET
> request. Siteminder uses this info in applying security
> authorizations.

A better justification would be that the RFCs on HTTP version 1.1
*require* that the port be present in the Host field unless you are
using the default port, in which case it may be omitted.  A user agent
(which check_http is) is not conformant with the RFCs if it does not
follow this requirement.  The fact that some web servers do not require
the port to be specified in the Host header is neither here nor there,
the user agent should include it when you're connecting to anything other
than the default port.  The fact that the web server doesn't actually
need that info (since it knows what port you connected to anyway) is
also irrelevent.  The RFCs say it has to be there unless you're using
the default port. 

So instead of saying "I have this weird Siteminder thing that nobody has
ever heard of and that needs the port in the Host header" you can say
"check_http has to behave this way in order to comply with the RFCs."
That's a much stronger argument because there may well be other web servers
out there which require the port.  Then you can bolster the case by saying
it's not just a theoretical possibility, Siteminder does actually need it. 

I have to admit I hadn't realized the port had to be in the Host
header if you're not using the default port until I just checked the
RFCs.  It's there in the RFCs that specify HTTP/1.1.  The Host header is
not in RFC 1945 for HTTP/1.0 but I remember it coming along as a de facto
extension to 1.0.  I don't know if the de facto extensions required
the port in the Host header or not.  But since check_http doesn't allow
you to specify a protocol version, the question doesn't arise. 

-- 
Paul Allen
Softflare Support 






More information about the Devel mailing list