compliance.html.en revision 99bfe4427761b6bb735aa1dd6a24e72313da0820
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
27424c351db1b1ee96848956cf314025f727d1deTinderbox User<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews This file is generated from xml source: DO NOT EDIT
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<title>HTTP Protocol Compliance - Apache HTTP Server</title>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<script src="/style/scripts/prettify.min.js" type="text/javascript">
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<link href="/images/favicon.ico" rel="shortcut icon" /></head>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt<p class="apache">Apache HTTP Server Version 2.5</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.5</a></div><div id="page-content"><div id="preamble"><h1>HTTP Protocol Compliance</h1>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<p><span>Available Languages: </span><a href="/en/compliance.html" title="English"> en </a> |
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<a href="/fr/compliance.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a></p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>This document describes the mechanism to set a policy for HTTP
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt protocol compliance for a given URL space by the origin servers or
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt applications behind that URL space.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>For those who may have received an error message from a rejected
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt policy, and need to know what the policy rejection means and what
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt they might do to fix the error, each policy is described below.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#intro">Enforcing HTTP Protocol Compliance in Apache 2</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policyconditional">Conditional Request Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policylength">Content-Length Policy</a></li>
c968a257c1ed1007307cb9b1757f70bbe45da79aMark Andrews<li><img alt="" src="/images/down.gif" /> <a href="#policytype">Content-Type Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policykeepalive">Keepalive Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policymaxage">Freshness Lifetime / Maxage Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policynocache">No Cache Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policyvalidation">Validation Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policyvary">Vary Header Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<li><img alt="" src="/images/down.gif" /> <a href="#policyversion">Protocol Version Policy</a></li>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt</ul><h3>See also</h3><ul class="seealso"><li><a href="filter.html">Filters</a></li></ul><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<h2><a name="intro" id="intro">Enforcing HTTP Protocol Compliance in Apache 2</a></h2>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyconditional">PolicyConditional</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policylength">PolicyLength</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policykeepalive">PolicyKeepalive</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policytype">PolicyType</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyvary">PolicyVary</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyvalidation">PolicyValidation</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policynocache">PolicyNocache</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policymaxage">PolicyMaxage</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyversion">PolicyVersion</a></code></li></ul></td></tr></table>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>The HTTP protocol follows the <strong>robustness principle</strong>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt as described in <a href="http://tools.ietf.org/html/rfc1122">RFC1122</a>,
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt which states <strong>"Be liberal in what you accept, and conservative in
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt what you send"</strong>. As a result of this principle, HTTP clients will
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt compensate for and recover from incorrect or misconfigured responses, or
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt responses that are uncacheable.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>As a website is scaled up to face greater and greater traffic loads,
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt suboptimal or misconfigured applications or server configurations can
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt threaten both the stability and scalability of the website, as well as
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the hosting costs associated with it. A website can also scale up to face
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt greater configuration complexity, and it can be increasingly difficult to
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt detect and keep track of suboptimally configured URL spaces on a given
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>Eventually a point is reached where the principle "conservative in
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt what you send" needs to be enforced by the server administrator.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>The <code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code> module provides a set of filters
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt which can be applied to a server, allowing key features of the HTTP
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt protocol to be explicitly tested, and non compliant responses logged as
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt warnings, or rejected outright as an error. Each filter can be applied
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt separately, allowing the administrator to pick and choose which policies
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt should be enforced depending on the circumstances of their environment.
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>The filters might be placed in testing and staging environments for
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the benefit of application and website developers, or may be applied
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt to production servers to protect infrastructure from systems outside
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the administrator's direct control.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <img src="images/compliance-reverse-proxy.png" width="666" height="239" alt="Enforcing HTTP protocol compliance for an application server" />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>In the above example, an Apache httpd server has been placed between
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the application server and the internet at large, and configured to cache
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt responses from the application server. The <code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt filters have been added to enforce support for cacheable content and
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt conditional requests, ensuring that both <code class="module"><a href="/mod/mod_cache.html">mod_cache</a></code> and
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt public caches on the internet are fully able to cache content created
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt by the restful application server efficiently.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <img src="images/compliance-static.png" width="469" height="239" alt="Enforcing HTTP protocol compliance in a static server" />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>In the above simpler example, a static server serving highly cacheable
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt content has a set of policies applied to ensure that the server configuration
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt conforms to a minimum level of compliance.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<h2><a name="policyconditional" id="policyconditional">Conditional Request Policy</a></h2>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyconditional">PolicyConditional</a></code></li></ul></td></tr></table>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>This policy will be rejected if the server does not correctly respond
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt to a conditional request with the appropriate status code.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>Conditional requests form the mechanism by which an HTTP cache makes
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt stale content fresh again, and particularly for content with short freshness
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt lifetimes, lack of support for conditional requests can add avoidable load
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt to the server.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>Most specifically, the existence of any of following headers in the
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt request makes the request conditional:</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <dd>If the provided ETag in the <code>If-Match</code> header does not match
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the ETag of the response, the server should return
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code>412 Precondition Failed</code>. Full details of how to handle an
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.24">
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <dd>If the provided ETag in the <code>If-None-Match</code> header matches
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the ETag of the response, the server should return either
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code>304 Not Modified</code> for GET/HEAD requests, or
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code>412 Precondition Failed</code> for other methods. Full details of how
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt to handle an <code>If-None-Match</code> header can be found in
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.26">
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <dd>If the provided date in the <code>If-Modified-Since</code> header is
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt older than the <code>Last-Modified</code> header of the response, the server
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt should return <code>304 Not Modified</code>. Full details of how to handle an
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <code>If-Modified-Since</code> header can be found in
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.25">
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <dd>If the provided date in the <code>If-Modified-Since</code> header is
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt newer than the <code>Last-Modified</code> header of the response, the server
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt should return <code>412 Precondition Failed</code>. Full details of how to
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt handle an <code>If-Unmodified-Since</code> header can be found in
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.28">
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <dd>If the provided ETag or date in the <code>If-Range</code> header matches
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt the ETag or Last-Modified of the response, and a valid <code>Range</code>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt is present, the server should return
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <code>206 Partial Response</code>. Full details of how to handle an
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.27">
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <p>If the response is detected to have been successful (a 2xx response),
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt but was conditional and one of the responses above was expected instead,
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt this policy will be rejected. Responses that indicate a redirect or a
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt failure of some kind (3xx, 4xx, 5xx) will be ignored by this policy.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>This policy is implemented by the <strong>POLICY_CONDITIONAL</strong>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt<h2><a name="policylength" id="policylength">Content-Length Policy</a></h2>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policylength">PolicyLength</a></code></li></ul></td></tr></table>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>This policy will be rejected if the server response does not contain
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt an explicit <code>Content-Length</code> header.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>There are a number of ways of determining the length of a response
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt body, described in full in
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4">
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>When the <code>Content-Length</code> header is present, the size of
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt the body is declared at the start of the response. If this information
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt is missing, an HTTP cache might choose to ignore the response, as it
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt does not know in advance whether the response will fit within the
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt cache's defined limits.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>HTTP/1.1 defines the <code>Transfer-Encoding</code> header as an
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt alternative to <code>Content-Length</code>, allowing the end of the
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt response to be indicated to the client without the client having to
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt know the length beforehand. However, when HTTP/1.0 requests are
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt processed, and no <code>Content-Length</code> is specified, the only
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt mechanism available to the server to indicate the end of the request
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt is to drop the connection. In an environment containing load
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt balancers, this can cause the keepalive mechanism to be bypassed.
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>If the response is detected to have been successful (a 2xx response),
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt and has a response body (this excludes <code>204 No Content</code>), and
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the <code>Content-Length</code> header is missing, this policy will be
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt rejected. Responses that indicate a redirect or a failure of some kind
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt (3xx, 4xx, 5xx) will be ignored by this policy.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <div class="warning">It should be noted that some modules, such as
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code class="module"><a href="/mod/mod_proxy.html">mod_proxy</a></code>, add their own <code>Content-Length</code>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt header should the response be small enough for it to have been possible
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt to read the response lacking such a header in one go. This may cause
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt small responses to pass this policy, while larger responses may
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt fail for the same URL.</div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy is implemented by the <strong>POLICY_LENGTH</strong>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<h2><a name="policytype" id="policytype">Content-Type Policy</a></h2>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policytype">PolicyType</a></code></li></ul></td></tr></table>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy will be rejected if the server response does not contain
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt an explicit and syntactically correct <code>Content-Type</code> header
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt that matches the server defined pattern.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>The media type of the body is placed in the <code>Content-Type</code>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt header, and the format of the header is described in full in
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7">
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>A syntactically valid content type might look as follows:</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt # invalid<br />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt Content-Type: foo<br />
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt # blank<br />
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt Content-Type:
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>The server administrator has the option to restrict the policy to one
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt or more specific types, or could specify a general wildcard type such as
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy is implemented by the <strong>POLICY_TYPE</strong>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<h2><a name="policykeepalive" id="policykeepalive">Keepalive Policy</a></h2>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policykeepalive">PolicyKeepalive</a></code></li></ul></td></tr></table>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>This policy will be rejected if the server response does not contain
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt an explicit <code>Content-Length</code> header, or a
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <p>There are a number of ways of determining the length of a response
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt body, described in full in
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4">
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>When the <code>Content-Length</code> header is present, the size of
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the body is declared at the start of the response. HTTP/1.1 defines the
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code>Transfer-Encoding</code> header as an alternative to
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code>Content-Length</code>, allowing the end of the response to be
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt indicated to the client without the client having to know the length
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt beforehand. In the absence of these two mechanisms, the only way for
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt a server to indicate the end of the request is to drop the connection.
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt In an environment containing load balancers, this can cause the keepalive
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt mechanism to be bypassed.
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <dd>we have not marked this connection as errored;</dd>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <dd>the response status does not require a close;</dd>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <dd>the response body has a defined length due to the status code
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt being 304 or 204, the request method being HEAD, already having defined
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt Content-Length or Transfer-Encoding: chunked, or the request version
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt being HTTP/1.1 and thus capable of being set as chunked</dd>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <div class="warning">The server may choose to turn off keepalive for
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt various reasons, such as an imminent shutdown, or a Connection: close from
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt the client, or an HTTP/1.0 client request with a response with no
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <code>Content-Length</code>, but for our purposes we only care that
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt keepalive was possible from the application, not that keepalive actually
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt took place.</div>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>It should also be noted that the Apache httpd server includes a filter
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt that adds chunked encoding to responses without an explicit content
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt length. This policy catches those cases where this filter is bypassed or
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt not in effect.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy is implemented by the <strong>POLICY_KEEPALIVE</strong>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<h2><a name="policymaxage" id="policymaxage">Freshness Lifetime / Maxage Policy</a></h2>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policymaxage">PolicyMaxage</a></code></li></ul></td></tr></table>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy will be rejected if the server response does not have
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt an explicit <strong>freshness lifetime</strong> at least as long
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt as the server defined limit, or if the freshness lifetime is
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt calculated based on a heuristic.</p>
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>Full details of how a freshness lifetime is calculated is described in
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.2">
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt <p>During the freshness lifetime, a cache does not need to contact the
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt origin server at all, it can simply pass the cached content as is back
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt to the client.</p>
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt <p>When the freshness lifetime is reached, the cache should contact the
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt origin server in an effort to check whether the content is still fresh,
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt and if not, replace the content.</p>
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt <p>When the freshness lifetime is too short, it can result in excessive
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt load on the server. In addition, should an outage occur that is as long
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt or longer than the freshness lifetime, all cached content will become
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt stale, which could cause a thundering herd of traffic when the
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt server or network returns.</p>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <p>This policy is implemented by the <strong>POLICY_MAXAGE</strong>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt<h2><a name="policynocache" id="policynocache">No Cache Policy</a></h2>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policynocache">PolicyNocache</a></code></li></ul></td></tr></table>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <p>This policy will be rejected if the server response declares itself
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt uncacheable using either the <code>Cache-Control</code> or
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt <p>Full details of how content may be declared uncacheable is described in
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.1">
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt RFC2616 section 14.9.1 What is Cacheable</a>, and within the definition
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.32">
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt <p>Most specifically, should any of the following header combinations
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt exist in the response headers, the response will be rejected:</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>When unexpected, uncacheable content may produce unacceptable levels
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt of server load, or may incur significant cost. When this policy is enabled,
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt all server defined uncacheable content will be rejected.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy is implemented by the <strong>POLICY_NOCACHE</strong>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<h2><a name="policyvalidation" id="policyvalidation">Validation Policy</a></h2>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyvalidation">PolicyValidation</a></code></li></ul></td></tr></table>
180319f572fb6c1ca7000d22ea79a8dd77ae3f91Evan Hunt <p>This policy will be rejected if the server response does not contain
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt either a syntactically correct <code>ETag</code> or
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt <p>The <code>ETag</code> header is described in full in
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.19">
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt RFC2616 section 14.19 Etag</a>, and the <code>Last-Modified</code> header
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt is described in full in
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.29">
d0803df3310ad09447c34b972e7594d576f5cbb5Evan Hunt <p>In addition to being checked present, the headers are checked for
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <p>An <code>ETag</code> that is not surrounded with quotes, or is not
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt declared "weak" by prefixing it with a "W/" will cause the policy to be
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt rejected. A <code>Last-Modified</code> that is not parsed as a valid date
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt will cause the policy to be rejected.</p>
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <p>This policy is implemented by the <strong>POLICY_VALIDATION</strong>
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt<h2><a name="policyvary" id="policyvary">Vary Header Policy</a></h2>
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyvary">PolicyVary</a></code></li></ul></td></tr></table>
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <p>This policy will be rejected if the server response contains a
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt <code>Vary</code> header, and that header in turn contains a header
c0c4512020c0a4a9e5b087cb8cad1cd68fb3f52eEvan Hunt blacklisted by the administrator.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>The <code>Vary</code> header is described in full in
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.44">
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>Some client provided headers, such as <code>User-Agent</code>,
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt can contain thousands or millions of combinations of values over a period
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt of time, and if the response is declared cacheable, a cache might attempt
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt to cache each of these responses separately, filling up the cache and
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt crowding out other entries in the cache. In this scenario, if so
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt configured, the policy will reject the response.</p>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy is implemented by the <strong>POLICY_VARY</strong>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt<h2><a name="policyversion" id="policyversion">Protocol Version Policy</a></h2>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyversion">PolicyVersion</a></code></li></ul></td></tr></table>
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt <p>This policy will be rejected if the client request was made with a
d46855caedd5cb101795707f6f467fa363ef1448Evan Hunt version number lower than the version of HTTP specified.</p>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <p>This policy is typically used with restful applications where
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt control over the type of client is desired. This policy can be used
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt alongside the <code>POLICY_KEEPALIVE</code> filter to ensure that
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt HTTP/1.0 clients don't cause keepalive connections to be dropped.</p>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <p>Possible minimum versions that could be specified are:</p>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt <p>This policy is implemented by the <strong>POLICY_VERSON</strong>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt<p><span>Available Languages: </span><a href="/en/compliance.html" title="English"> en </a> |
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt<a href="/fr/compliance.html" hreflang="fr" rel="alternate" title="Fran�ais"> fr </a></p>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt</div><div class="top"><a href="#page-header"><img src="/images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Hunt<script type="text/javascript"><!--//--><![CDATA[//><!--
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Huntvar comments_shortname = 'httpd';
a0b4f6d952cc6adde281948cf995868b44f366e8Evan Huntvar comments_identifier = 'http://httpd.apache.org/docs/trunk/compliance.html';
fbed5f0f44515f5b3ca499a3466c875507852970Evan Hunt(function(w, d) {
fbed5f0f44515f5b3ca499a3466c875507852970Evan Hunt if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
fbed5f0f44515f5b3ca499a3466c875507852970Evan Hunt d.write('<div id="comments_thread"><\/div>');
fbed5f0f44515f5b3ca499a3466c875507852970Evan Hunt var s = d.createElement('script');
fbed5f0f44515f5b3ca499a3466c875507852970Evan Hunt s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
<p class="apache">Copyright 2014 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--