we use the Redirect-After-Post template in our webapp.
Sometimes our apache log shows very few error logs:
[error] [...] the client sent an HTTP / 1.1 request without a host name (see RFC2616 section 14.23): ...
in my access log they are displayed as [...] "GET / xyz / HTTP / 1.1" 400 226 "-" "-" 72
What happens here: the application sends a redirect with an absolute URL as follows:
Location: http://www.kicktipp.de/demo/
Today I have three browsers that request a URL to which we redirect without the required Host header:
- "Mozilla / 4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)"
- "Mozilla / 4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 1.1.4322; .NET CLR 3.0.04506.648; InfoPath.1)
- "Mozilla / 4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla / 4.0 (compatible; MSIE 7.0; Win32; WEB.DE); Mozilla / 4.0 (compatible; MSIE 8.0; Win32; WEB.DE); NET CLR 1.1. 4322; InfoPath.1; .NET CLR 2.0.50727; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) "
These were regular visits, users clicked on several pages, then received redirects and the failure failed.
I know some older browsers need help with http / 1.1, so we have the default debian setenv configuration:
<IfModule mod_setenvif.c> # # The following directives modify normal HTTP response behavior to # handle known problems with browser implementations. # BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # # The following directive disables redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. # Same deal with Apple DAV filesystem and Gnome VFS support for DAV. # BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully BrowserMatch "^gnome-vfs/1.0" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully </IfModule>
This happens only once in 10,000 redirects. but of course I want to satisfy every user and every browser.
Is there any hint you can give me? Do we need to add more browsers to our mod_setenvif configuration?
source share