compliance.html.en revision 30471a4650391f57975f60bbb6e4a90be7b284bf
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>HTTP Protocol Compliance - Apache HTTP Server</title>
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
<script src="/style/scripts/prettify.js" type="text/javascript">
</script>
<link href="/images/favicon.ico" rel="shortcut icon" /></head>
</div><div id="page-content"><div id="preamble"><h1>HTTP Protocol Compliance</h1>
<p><span>Available Languages: </span><a href="/en/compliance.html" title="English"> en </a></p>
<p>This document describes how to set a policy that enforces HTTP
protocol compliance by the origin servers or applications behind a
given URL space.</p>
<p>For those who have received an error message from a rejected
policy and need to know what the policy rejection means and what
they might do to fix the error, each policy is described below.</p>
<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#intro">Enforcing HTTP Protocol Compliance in Apache 2</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policyconditional">Conditional Request Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policylength">Content-Length Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policytype">Content-Type Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policykeepalive">Keepalive Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policymaxage">Freshness Lifetime / Maxage Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policynocache">No Cache Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policyvalidation">Validation Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policyvary">Vary Header Policy</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#policyversion">Protocol Version Policy</a></li>
</ul><h3>See also</h3><ul class="seealso"><li><a href="filter.html">Filters</a></li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<h2><a name="intro" id="intro">Enforcing HTTP Protocol Compliance in Apache 2</a></h2>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyconditional">PolicyConditional</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policylength">PolicyLength</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policykeepalive">PolicyKeepalive</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policytype">PolicyType</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyvary">PolicyVary</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyvalidation">PolicyValidation</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policynocache">PolicyNocache</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policymaxage">PolicyMaxage</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyversion">PolicyVersion</a></code></li></ul></td></tr></table>
<p>The HTTP protocol follows the <strong>robustness principle</strong>
as described in <a href="http://tools.ietf.org/html/rfc1122">RFC 1122</a>,
which states <strong>"Be liberal in what you accept, and conservative in
what you send"</strong>. As a result of this principle, HTTP clients will
compensate for and recover from incorrect or misconfigured responses, or
responses that are uncacheable.</p>
<p>As a website is scaled up to face greater and greater traffic loads,
suboptimal or misconfigured applications or server configurations can
threaten both the stability and scalability of the website, as well as
the hosting costs associated with it. A website can also scale up to face
greater configuration complexity, and it can become increasingly difficult to
detect and keep track of suboptimally configured URL spaces on a given
server.</p>
<p>Eventually a point is reached where the principle "conservative in
what you send" needs to be enforced by the server administrator.</p>
<p>The <code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code> module provides a set of filters
which can be applied to a server, allowing key features of the HTTP
protocol to be explicitly tested, and non-compliant responses logged as
warnings, or rejected outright as an error. Each filter can be applied
separately, allowing the administrator to pick and choose which policies
should be enforced depending on the circumstances of their environment.</p>
<p>The filters might be placed in testing and staging environments for
the benefit of application and website developers, or may be applied
to production servers to protect infrastructure from systems outside
the administrator's direct control.</p>
<img src="images/compliance-reverse-proxy.png" width="666" height="239" alt="Enforcing HTTP protocol compliance for an application server" />
<p>In the above example, an Apache httpd server has been placed between
the application server and the internet at large, and configured to cache
responses from the application server. The <code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code>
filters have been added to enforce support for cacheable content and
conditional requests, ensuring that both <code class="module"><a href="/mod/mod_cache.html">mod_cache</a></code> and
public caches on the internet are fully able to cache content created
by the RESTful application server efficiently.</p>
<img src="images/compliance-static.png" width="469" height="239" alt="Enforcing HTTP protocol compliance in a static server" />
<p>In the simpler example above, a static server serving highly cacheable
content has a set of policies applied to ensure that the server configuration
conforms to a minimum level of compliance.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<h2><a name="policyconditional" id="policyconditional">Conditional Request Policy</a></h2>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyconditional">PolicyConditional</a></code></li></ul></td></tr></table>
<p>This policy will be rejected if the server does not correctly respond
to a conditional request with the appropriate status code.</p>
<p>Conditional requests form the mechanism by which an HTTP cache makes
stale content fresh again. Particularly for content with short freshness
lifetimes, lack of support for conditional requests can add avoidable load
to the server.</p>
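<p>The check below is an added example, not part of the Apache documentation and not mod_policy's own code. It shows how a staging test could flag a response that ignores a failed <code>If-Match</code> precondition; the function names and the sample exchanges are constructed for illustration, and header lookup is assumed to use the exact name <code>If-Match</code>.</p>

```python
import re

# entity-tag = [ "W/" ] DQUOTE *etagc DQUOTE. A comma is a legal character inside
# the quotes, so the header is tokenised with a regex instead of split(",").
ETAG_RE = re.compile(r'(W/)?"([^"]*)"')

def parse_etags(value):
    """Return [(is_weak, opaque_tag), ...] for an ETag or If-Match header value."""
    return [(bool(weak), tag) for weak, tag in ETAG_RE.findall(value or "")]

def if_match_passes(if_match, response_etag):
    """Strong comparison of If-Match against the ETag of the response."""
    if if_match.strip() == "*":
        return True   # assumption: a response was produced, so a representation exists
    current = parse_etags(response_etag)
    if not current or current[0][0]:
        return False  # no ETag, or a weak one: nothing can strong-match
    return any(not weak and tag == current[0][1]
               for weak, tag in parse_etags(if_match))

def check_exchange(request_headers, status, response_etag):
    """Return a finding if a failed If-Match precondition was not answered with 412."""
    if_match = request_headers.get("If-Match")
    if if_match is None or if_match_passes(if_match, response_etag):
        return None
    if status == 412:
        return None
    return "If-Match failed but status was %d, expected 412" % status

# Constructed sample exchanges: (request headers, response status, response ETag).
SAMPLE = [
    ({"If-Match": '"v1"'}, 200, '"v2"'),        # stale tag answered with 200
    ({"If-Match": '"v1", "v2"'}, 200, '"v2"'),  # one listed tag matches
    ({"If-Match": '"v2"'}, 200, 'W/"v2"'),      # weak ETag cannot strong-match
    ({"If-Match": '"v1"'}, 412, None),          # correct rejection
    ({}, 200, '"v2"'),                          # unconditional request
]

def findings(exchanges=SAMPLE):
    """Return (index, finding) for every non-compliant exchange."""
    results = [(i, check_exchange(*ex)) for i, ex in enumerate(exchanges)]
    return [(i, f) for i, f in results if f]

if __name__ == "__main__":
    for index, finding in findings():
        print(index, finding)
```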
<p>More specifically, the presence of any of the following headers in the
request makes the request conditional:</p>
<dd>If the provided ETag in the <code>If-Match</code> header does not match
the ETag of the response, the server should return
<code>412 Precondition Failed</code>. Full details of how to handle an
<a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.24">
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policylength">PolicyLength</a></code></li></ul></td></tr></table>
<code class="module"><a href="/mod/mod_proxy.html">mod_proxy</a></code>, add their own <code>Content-Length</code>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policytype">PolicyType</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policykeepalive">PolicyKeepalive</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policymaxage">PolicyMaxage</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policynocache">PolicyNocache</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyvalidation">PolicyValidation</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyvary">PolicyVary</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyversion">PolicyVersion</a></code></li></ul></td></tr></table>
</div>
<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
</div>