Quote:Original post by markr
Actually it's not quite as simple as Kylotan says.

Most web servers these days don't support HTTP/1.0 requests without the "Host" header (In HTTP/1.1 it's mandatory anyway), and many don't support HTTP 0.9 requests at all.

I'm not gonna say you're wrong, because I haven't done it on a wide variety of servers and you may have, but I've used one line 1.0 requests against Apache many times and it did exactly what was expected. That's not to say it would necessarily generalise to the WWW as a whole but obviously a solution to connect to a single PHP page need not be as complex as a solution that must be able to connect to any server.

Quote:Original post by Kylotan
I'm not gonna say you're wrong, because I haven't done it on a wide variety of servers and you may have, but I've used one line 1.0 requests against Apache many times and it did exactly what was expected.

That may be the case with some web sites, but many do require a "Host:" header to behave correctly.

That's not to say that you won't get *some* response back, but it may not be a helpful one.

Quote:
That's not to say it would necessarily generalise to the WWW as a whole but obviously a solution to connect to a single PHP page need not be as complex as a solution that must be able to connect to any server.

To use name-based virtual hosting, it's necessary to have the "Host" header. Name-based virtual hosting is the type used by MOST web servers, because it requires fewer IP addresses (therefore less admin overhead and uses IP space more efficiently).

Of course a lot of web sites (particularly bigger, high traffic ones) are NOT on name-based virtual hosting, in which case the "Host:" header is optional.

As a web developer and web server admin, I normally deliberately set up a "dummy" web site for non host-header requests (This dummy web site contains no accessible pages, always returns 403). This is because the vast majority of evil robots/ worms, make HTTP/1.0 requests without a "Host:" header, and no browser ever does- therefore I can keep the worms' crappy requests out of my logs (It clutters it as they often send very long URIs which are logged anyway)

Mark

Slightly off-topic, but... I'd like some example sites that don't accept a 0.9 request. Just checking with my function I used a while back (say a couple years) right now, I didn't find any off hand. Is 0.9 really that unsupported now?

Also via the host: header part, on my virtual sites simply using the full URL as the URI makes everything work just fine.

Sites which rely on the "Host:" header don't support HTTP 0.9, as it has no mechanism to provide request (or indeed response) headers.

Most of our sites are configured so that the "Host" header is required.

These sites DO support HTTP/1.0, provided the Host header is present.

Mark