Quote:Original post by Kylotan
I'm not gonna say you're wrong, because I haven't done it on a wide variety of servers and you may have, but I've used one line 1.0 requests against Apache many times and it did exactly what was expected.
That may be the case with some web sites, but many do require a "Host:" header to behave correctly.
That's not to say that you won't get *some* response back, but it may not be a helpful one.
Quote:
That's not to say it would necessarily generalise to the WWW as a whole but obviously a solution to connect to a single PHP page need not be as complex as a solution that must be able to connect to any server.
To use name-based virtual hosting, it's necessary to have the "Host" header. Name-based virtual hosting is the type used by MOST web servers, because it requires fewer IP addresses (therefore less admin overhead and uses IP space more efficiently).
Of course a lot of web sites (particularly bigger, high traffic ones) are NOT on name-based virtual hosting, in which case the "Host:" header is optional.
As a web developer and web server admin, I normally deliberately set up a "dummy" web site for non host-header requests (This dummy web site contains no accessible pages, always returns 403). This is because the vast majority of evil robots/ worms, make HTTP/1.0 requests without a "Host:" header, and no browser ever does- therefore I can keep the worms' crappy requests out of my logs (It clutters it as they often send very long URIs which are logged anyway)
Mark