compliance.html.en revision d29d9ab4614ff992b0e8de6e2b88d52b6f1f153e
6ae232055d4d8a97267517c5e50074c2c819941and<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
6ae232055d4d8a97267517c5e50074c2c819941and<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
6ae232055d4d8a97267517c5e50074c2c819941and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
6ae232055d4d8a97267517c5e50074c2c819941and This file is generated from xml source: DO NOT EDIT
6ae232055d4d8a97267517c5e50074c2c819941and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
6ae232055d4d8a97267517c5e50074c2c819941and<title>HTTP Protocol Compliance - Apache HTTP Server</title>
6ae232055d4d8a97267517c5e50074c2c819941and<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
6ae232055d4d8a97267517c5e50074c2c819941and<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen<script src="/style/scripts/prettify.js" type="text/javascript">
6ae232055d4d8a97267517c5e50074c2c819941and<link href="/images/favicon.ico" rel="shortcut icon" /></head>
6ae232055d4d8a97267517c5e50074c2c819941and<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
6ae232055d4d8a97267517c5e50074c2c819941and<div class="up"><a href="./"><img title="<-" alt="<-" src="/images/left.gif" /></a></div>
6ae232055d4d8a97267517c5e50074c2c819941and<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="./">Version 2.5</a></div><div id="page-content"><div id="preamble"><h1>HTTP Protocol Compliance</h1>
6ae232055d4d8a97267517c5e50074c2c819941and<p><span>Available Languages: </span><a href="/en/compliance.html" title="English"> en </a></p>
b43f840409794ed298e8634f6284741f193b6c4ftakashi <p>This document describes the mechanism to set a policy for HTTP
6ae232055d4d8a97267517c5e50074c2c819941and protocol compliance for a given URL space by the origin servers or
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung applications behind that URL space.</p>
b43f840409794ed298e8634f6284741f193b6c4ftakashi <p>For those who may have received an error message from a rejected
b43f840409794ed298e8634f6284741f193b6c4ftakashi policy, and need to know what the policy rejection means and what
b43f840409794ed298e8634f6284741f193b6c4ftakashi they might do to fix the error, each policy is described below.</p>
6ae232055d4d8a97267517c5e50074c2c819941and<div id="quickview"><ul id="toc"><li><img alt="" src="/images/down.gif" /> <a href="#intro">Enforcing HTTP Protocol Compliance in Apache 2</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policyconditional">Conditional Request Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policylength">Content-Length Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policytype">Content-Type Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policykeepalive">Keepalive Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policymaxage">Freshness Lifetime / Maxage Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policynocache">No Cache Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policyvalidation">Validation Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policyvary">Vary Header Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and<li><img alt="" src="/images/down.gif" /> <a href="#policyversion">Protocol Version Policy</a></li>
6ae232055d4d8a97267517c5e50074c2c819941and</ul><h3>See also</h3><ul class="seealso"><li><a href="filter.html">Filters</a></li></ul></div>
6ae232055d4d8a97267517c5e50074c2c819941and<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
6ae232055d4d8a97267517c5e50074c2c819941and<h2><a name="intro" id="intro">Enforcing HTTP Protocol Compliance in Apache 2</a></h2>
6ae232055d4d8a97267517c5e50074c2c819941and <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyconditional">PolicyConditional</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policylength">PolicyLength</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policykeepalive">PolicyKeepalive</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policytype">PolicyType</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyvary">PolicyVary</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyvalidation">PolicyValidation</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policynocache">PolicyNocache</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policymaxage">PolicyMaxage</a></code></li><li><code class="directive"><a href="/mod/mod_policy.html#policyversion">PolicyVersion</a></code></li></ul></td></tr></table>
6ae232055d4d8a97267517c5e50074c2c819941and <p>The HTTP protocol follows the <strong>robustness principle</strong>
1d980e5489836e977ba59b419e27b0ec875c4bd3takashi as described in <a href="http://tools.ietf.org/html/rfc1122">RFC1122</a>,
6ae232055d4d8a97267517c5e50074c2c819941and which states <strong>"Be liberal in what you accept, and conservative in
6ae232055d4d8a97267517c5e50074c2c819941and what you send"</strong>. As a result of this principle, HTTP clients will
6ae232055d4d8a97267517c5e50074c2c819941and compensate for and recover from incorrect or misconfigured responses, or
6ae232055d4d8a97267517c5e50074c2c819941and responses that are uncacheable.</p>
6ae232055d4d8a97267517c5e50074c2c819941and <p>As a website is scaled up to face greater and greater traffic loads,
6ae232055d4d8a97267517c5e50074c2c819941and suboptimal or misconfigured applications or server configurations can
6ae232055d4d8a97267517c5e50074c2c819941and threaten both the stability and scalability of the website, as well as
6ae232055d4d8a97267517c5e50074c2c819941and the hosting costs associated with it. A website can also scale up to face
6ae232055d4d8a97267517c5e50074c2c819941and greater configuration complexity, and it can be increasingly difficult to
6ae232055d4d8a97267517c5e50074c2c819941and detect and keep track of suboptimally configured URL spaces on a given
6ae232055d4d8a97267517c5e50074c2c819941and server.</p>
6ae232055d4d8a97267517c5e50074c2c819941and <p>Eventually a point is reached where the principle "conservative in
6ae232055d4d8a97267517c5e50074c2c819941and what you send" needs to be enforced by the server administrator.</p>
6ae232055d4d8a97267517c5e50074c2c819941and <p>The <code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code> module provides a set of filters
6ae232055d4d8a97267517c5e50074c2c819941and which can be applied to a server, allowing key features of the HTTP
6ae232055d4d8a97267517c5e50074c2c819941and protocol to be explicitly tested, and non compliant responses logged as
6ae232055d4d8a97267517c5e50074c2c819941and warnings, or rejected outright as an error. Each filter can be applied
6ae232055d4d8a97267517c5e50074c2c819941and separately, allowing the administrator to pick and choose which policies
6ae232055d4d8a97267517c5e50074c2c819941and should be enforced depending on the circumstances of their environment.
6ae232055d4d8a97267517c5e50074c2c819941and <p>The filters might be placed in testing and staging environments for
6ae232055d4d8a97267517c5e50074c2c819941and the benefit of application and website developers, or may be applied
6ae232055d4d8a97267517c5e50074c2c819941and to production servers to protect infrastructure from systems outside
6ae232055d4d8a97267517c5e50074c2c819941and the administrator's direct control.</p>
6ae232055d4d8a97267517c5e50074c2c819941and <img src="images/compliance-reverse-proxy.png" width="666" height="239" alt="Enforcing HTTP protocol compliance for an application server" />
6ae232055d4d8a97267517c5e50074c2c819941and <p>In the above example, an Apache httpd server has been placed between
6ae232055d4d8a97267517c5e50074c2c819941and the application server and the internet at large, and configured to cache
6ae232055d4d8a97267517c5e50074c2c819941and responses from the application server. The <code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code>
6ae232055d4d8a97267517c5e50074c2c819941and filters have been added to enforce support for cacheable content and
6ae232055d4d8a97267517c5e50074c2c819941and conditional requests, ensuring that both <code class="module"><a href="/mod/mod_cache.html">mod_cache</a></code> and
6ae232055d4d8a97267517c5e50074c2c819941and public caches on the internet are fully able to cache content created
6ae232055d4d8a97267517c5e50074c2c819941and by the restful application server efficiently.</p>
6ae232055d4d8a97267517c5e50074c2c819941and <img src="images/compliance-static.png" width="469" height="239" alt="Enforcing HTTP protocol compliance in a static server" />
b43f840409794ed298e8634f6284741f193b6c4ftakashi <p>In the above simpler example, a static server serving highly cacheable
6ae232055d4d8a97267517c5e50074c2c819941and content has a set of policies applied to ensure that the server configuration
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung conforms to a minimum level of compliance.</p>
b43f840409794ed298e8634f6284741f193b6c4ftakashi </div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd<h2><a name="policyconditional" id="policyconditional">Conditional Request Policy</a></h2>
7fec19672a491661b2fe4b29f685bc7f4efa64d4nd <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyconditional">PolicyConditional</a></code></li></ul></td></tr></table>
6ae232055d4d8a97267517c5e50074c2c819941and <p>This policy will be rejected if the server does not correctly respond
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policylength">PolicyLength</a></code></li></ul></td></tr></table>
<code class="module"><a href="/mod/mod_proxy.html">mod_proxy</a></code>, add their own <code>Content-Length</code>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policytype">PolicyType</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policykeepalive">PolicyKeepalive</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policymaxage">PolicyMaxage</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policynocache">PolicyNocache</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyvalidation">PolicyValidation</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyvary">PolicyVary</a></code></li></ul></td></tr></table>
<table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="/mod/mod_policy.html">mod_policy</a></code></li></ul></td><td><ul><li><code class="directive"><a href="/mod/mod_policy.html#policyversion">PolicyVersion</a></code></li></ul></td></tr></table>
<p><span>Available Languages: </span><a href="/en/compliance.html" title="English"> en </a></p>
<p class="apache">Copyright 2012 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript">