This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Apache HTTP Server Compatibility

This wiki content attempts to catalog known compatibility questions between common HTTP servers, browsers, other user-agents, and other proxy agents such as firewalls or load balancers. Note that Apache HTTP Server acts as both a server, and as a proxy server, also as a user-agent communicating with a back-end server. The implementation of the specs listed below may vary between these two roles.

Applicable Specifications

Apache HTTP Server implements a number of specifications, each of which poses interoperability challenges for any implementer. Different implementations may;

  • Apply a different interpretation of the same reading when the specification is unclear
  • Choose to be permissive where multiple readings are possible, or to strictly conform when the plain reading is clear
  • Deviate from the specification in error, for their own purpose, or to accommodate another implementation

Apache HTTP Server since inception has erred on the side of being lenient in accepting questionable input, and strict in emitting responses from the server, which helped to fuel the adoption of the HTTP protocol. In response to a number of attack vectors which rely on the differences in accepting and interpreting questionable input, the server is evolving to more strictly require that input conform to the relevant specifications.

The current version of HTTP implements the following specifications, with specific wiki pages dedicated to each topic (this list not exhaustive);

Spec

Comments

Title

RFC 7230

RFC 7230 Notes

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

RFC 7231

RFC 7231 Notes

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

RFC 7232

RFC 7232 Notes

Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests

RFC 7233

RFC 7233 Notes

Hypertext Transfer Protocol (HTTP/1.1): Range Requests

RFC 7234

RFC 7234 Notes

Hypertext Transfer Protocol (HTTP/1.1): Caching

RFC 7235

RFC 7235 Notes

Hypertext Transfer Protocol (HTTP/1.1): Authentication

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6eb82a54-7dde-4d11-896e-4fa48fc9b401"><ac:plain-text-body><![CDATA[

[RFC 3986

https://tools.ietf.org/html/rfc3986]

[RFC 3986 Notes

RFC3986Notes]

URI Generic Syntax [By reference in RFC 7230]

]]></ac:plain-text-body></ac:structured-macro>

Interoperability Issues

See specific Notes above for issues related to each specification. General Issues between specific clients and back-end servers are called out below.

Specific Client Issues (httpd as a Server)

Specific Server Issues (httpd as a User-Agent)

  • No labels