known_client_problems.html revision 2eaf662cbc81e823e8d9aeb8d54e69e63032493e
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Apache HTTP Server Project</title>
</head>
<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
<body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
vlink="#000080" alink="#FF0000">
<!--#include virtual="header.html" -->
<h1 align="CENTER">Known Problems in Clients</h1>
<p>Over time the Apache Group has discovered or been notified
of problems with various clients which we have had to work
around, or explain. This document describes these problems and
the workarounds available. It's not arranged in any particular
order. Some familiarity with the standards is assumed, but not
necessary.</p>
<p>For brevity, <em>Navigator</em> will refer to Netscape's
Navigator product (which in later versions was renamed
"Communicator" and various other names), and <em>MSIE</em> will
refer to Microsoft's Internet Explorer product. All trademarks
and copyrights belong to their respective companies. We welcome
input from the various client authors to correct
inconsistencies in this paper, or to provide us with exact
<p>For reference, <a
href="ftp://ds.internic.net/rfc/rfc1945.txt">RFC1945</a>
href="ftp://ds.internic.net/rfc/rfc2068.txt">RFC2068</a>
<p>Various of these workarounds are triggered by environment
variables. The admin typically controls which are set, and for
which clients, by using <a
href="/mod/mod_browser.html">mod_browser</a>. Unless
otherwise noted all of these workarounds exist in versions 1.2
and later.</p>
<h3><a id="trailing-crlf" name="trailing-crlf">Trailing CRLF on
POSTs</a></h3>
<p>This is a legacy issue. The CERN webserver required
<code>POST</code> data to have an extra <code>CRLF</code>
following it. Thus many clients send an extra <code>CRLF</code>
that is not included in the <code>Content-Length</code> of the
request. Apache works around this problem by eating any empty
lines which appear before a request.</p>
<h3><a id="broken-keepalive" name="broken-keepalive">Broken
keepalive</a></h3>
<p>Various clients have had broken implementations of
<em>keepalive</em> (persistent connections). In particular the
Windows versions of Navigator 2.0 get very confused when the
server times out an idle connection. The workaround is present
in the default config files:</p>
<blockquote>
<code>BrowserMatch Mozilla/2 nokeepalive</code>
</blockquote>
Note that this matches some earlier versions of MSIE, which
began the practice of calling themselves <em>Mozilla</em> in
their user-agent strings just like Navigator.
properly support keepalive when it is used on 301 or 302
(redirect) responses. Unfortunately Apache's
<code>nokeepalive</code> code prior to 1.2.2 would not work
this patch</a> to version 1.2.1. Then add this to your
config:</p>
<blockquote>
<code>BrowserMatch "MSIE 4\.0b2;" nokeepalive</code>
</blockquote>
<h3><a id="force-response-1.0"
name="force-response-1.0">Incorrect interpretation of
<p>To quote from section 3.1 of RFC1945:</p>
<blockquote>
HTTP uses a "<MAJOR>.<MINOR>" numbering scheme to
indicate versions of the protocol. The protocol versioning
policy is intended to allow the sender to indicate the format
of a message and its capacity for understanding further HTTP
communication, rather than the features obtained via that
communication.
</blockquote>
its response. Many client authors mistakenly treat this part of
the response as an indication of the protocol that the response
is in, and then refuse to accept the response.
<p>The first major indication of this problem was with AOL's
proxy servers. When Apache 1.2 went into beta it was the first
their proxies. In anticipation of similar problems, the
<code>force-response-1.0</code> environment variable was added
change the response.</p>
<p>The pre-1.1 Java Development Kit (JDK) that is used in many
problem. As do some of the early pre-releases of the 1.1 JDK.
We think it is fixed in the 1.1 JDK release. In any event the
workaround:</p>
<blockquote>
</blockquote>
<p>RealPlayer 4.0 from Progressive Networks also exhibits this
problem. However they have fixed it in version 4.01 of the
player, but version 4.01 uses the same <code>User-Agent</code>
as version 4.0. The workaround is still:</p>
<blockquote>
<code>BrowserMatch "RealPlayer 4.0" force-response-1.0</code>
</blockquote>
<p>MSIE 4.0b2 has this problem. Its Java VM makes requests in
(in particular, it does not understand <em>chunked</em>
responses). The workaround is to fool Apache into believing the
<blockquote>
<code>BrowserMatch "MSIE 4\.0b2;" downgrade-1.0
force-response-1.0</code>
</blockquote>
This workaround is available in 1.2.2, and in a <a
patch</a> against 1.2.1.
<h3><a id="257th-byte" name="257th-byte">Boundary problems with
header parsing</a></h3>
<p>All versions of Navigator from 2.0 through 4.0b2 (and
possibly later) have a problem if the trailing CRLF of the
response header starts at offset 256, 257 or 258 of the
response. A BrowserMatch for this would match on nearly every
hit, so the workaround is enabled automatically on all
responses. The workaround implemented detects when this
condition would occur in a response and adds extra padding to
the header to push the trailing CRLF past offset 258 of the
response.</p>
<h3><a id="boundary-string" name="boundary-string">Multipart
responses and Quoted Boundary Strings</a></h3>
<p>On multipart responses some clients will not accept quotes
(") around the boundary string. The MIME standard recommends
that such quotes be used. But the clients were probably written
based on one of the examples in RFC2068, which does not include
quotes. Apache does not include quotes on its boundary strings
to workaround this problem.</p>
<h3><a id="byterange-requests"
name="byterange-requests">Byterange requests</a></h3>
<p>A byterange request is used when the client wishes to
retrieve a portion of an object, not necessarily the entire
object. There was a very old draft which included these
byteranges in the URL. Old clients such as Navigator 2.0b1 and
MSIE 3.0 for the MAC exhibit this behaviour, and it will appear
in the servers' access logs as (failed) attempts to retrieve a
URL with a trailing ";xxx-yyy". Apache does not attempt to
implement this at all.</p>
<p>A subsequent draft of this standard defines a header
<code>Request-Range</code>, and a response type
includes this draft with a few fixes, and it defines the header
<code>Range</code> and type
<p>Navigator (versions 2 and 3) sends both <code>Range</code>
and <code>Request-Range</code> headers (with the same value),
response. The response must be
receives a <code>Request-Range</code> header it considers it
"higher priority" than a <code>Range</code> header and in
<p>The Adobe Acrobat Reader plugin makes extensive use of
byteranges and prior to version 3.01 supports only the
there is no clue that it is the plugin making the request. If
the plugin is used with Navigator, the above workaround works
fine. But if the plugin is used with MSIE 3 (on Windows) the
workaround won't work because MSIE 3 doesn't give the
<code>Range-Request</code> clue that Navigator does. To
workaround this, Apache special cases "MSIE 3" in the
<code>User-Agent</code> and serves
for this with MSIE 3 is actually due to the Acrobat plugin, not
due to the browser.</p>
<p>Netscape Communicator appears to not issue the non-standard
<code>Request-Range</code> header. When an Acrobat plugin prior
to version 3.01 is used with it, it will not properly
understand byteranges. The user must upgrade their Acrobat
reader to 3.01.</p>
<h3><a id="cookie-merge"
name="cookie-merge"><code>Set-Cookie</code> header is
unmergeable</a></h3>
<p>The HTTP specifications say that it is legal to merge
headers with duplicate names into one (separated by commas).
Some browsers that support Cookies don't like merged headers
and prefer that each <code>Set-Cookie</code> header is sent
separately. When parsing the headers returned by a CGI, Apache
will explicitly avoid merging any <code>Set-Cookie</code>
headers.</p>
<h3><a id="gif89-expires"
name="gif89-expires"><code>Expires</code> headers and GIF89A
animations</a></h3>
<p>Navigator versions 2 through 4 will erroneously re-request
GIF89A animations on each loop of the animation if the first
response included an <code>Expires</code> header. This happens
regardless of how far in the future the expiry time is set.
There is no workaround supplied with Apache, however there are
hacks for <a
1.2</a> and for <a
1.3</a>.</p>
<h3><a id="no-content-length"
name="no-content-length"><code>POST</code> without
<code>Content-Length</code></a></h3>
<p>In certain situations Navigator 3.01 through 3.03 appear to
incorrectly issue a POST without the request body. There is no
known workaround. It has been fixed in Navigator 3.04,
Netscapes provides some <a
href="http://help.netscape.com/kb/client/971014-42.html">information</a>.
There's also <a
some information</a> about the actual problem.</p>
<h3><a id="jdk-12-bugs" name="jdk-12-bugs">JDK 1.2 betas lose
parts of responses.</a></h3>
<p>The http client in the JDK1.2beta2 and beta3 will throw away
the first part of the response body when both the headers and
the first part of the body are sent in the same network packet
AND keep-alive's are being used. If either condition is not met
then it works fine.</p>
<p>See also Bug-ID's 4124329 and 4125538 at the java developer
connection.</p>
<p>If you are seeing this bug yourself, you can add the
following BrowserMatch directive to work around it:</p>
<blockquote>
<code>BrowserMatch "Java1\.2beta[23]" nokeepalive</code>
</blockquote>
<p>We don't advocate this though since bending over backwards
for beta software is usually not a good idea; ideally it gets
fixed, new betas or a final release comes out, and no one uses
the broken old software anymore. In theory.</p>
<h3><a id="content-type-persistence"
name="content-type-persistence"><code>Content-Type</code>
change is not noticed after reload</a></h3>
<p>Navigator (all versions?) will cache the
<code>content-type</code> for an object "forever". Using reload
or shift-reload will not cause Navigator to notice a
<code>content-type</code> change. The only work-around is for
the user to flush their caches (memory and disk). By way of an
file which does not map <code>.htm</code> to
fixes the server, the user will have to flush their caches
before the object will be shown with the correct
<h3><a id="msie-cookie-y2k" name="msie-cookie-y2k">MSIE Cookie
problem with expiry date in the year 2000</a></h3>
<p>MSIE versions 3.00 and 3.02 (without the Y2K patch) do not
handle cookie expiry dates in the year 2000 properly. Years
after 2000 and before 2000 work fine. This is fixed in IE4.01
service pack 1, and in the Y2K patch for IE3.02. Users should
avoid using expiry dates in the year 2000.</p>
<h3><a id="lynx-negotiate-trans"
name="lynx-negotiate-trans">Lynx incorrectly asking for
transparent content negotiation</a></h3>
<p>The Lynx browser versions 2.7 and 2.8 send a "negotiate:
trans" header in their requests, which is an indication the
browser supports transparent content negotiation (TCN). However
the browser does not support TCN. As of version 1.3.4, Apache
supports TCN, and this causes problems with these versions of
Lynx. As a workaround future versions of Apache will ignore
this header when sent by the Lynx client.</p>
<h3><a id="ie40-vary" name="ie40-vary">MSIE 4.0 mishandles Vary
response header</a></h3>
<p>MSIE 4.0 does not handle a Vary header properly. The Vary
header is generated by mod_rewrite in apache 1.3. The result is
an error from MSIE saying it cannot download the requested
file. There are more details in <a
<p>A workaround is to add the following to your server's
configuration files:</p>
<pre>
BrowserMatch "MSIE 4\.0" force-no-vary
</pre>
<p>(This workaround is only available with releases
<strong>after</strong> 1.3.6 of the Apache Web server.)</p>
<!--#include virtual="footer.html" -->
</body>
</html>