Download presentation
Presentation is loading. Please wait.
1
Web Server Design Week 15 Old Dominion University
Department of Computer Science CS 495/595 Spring 2012 Michael L. Nelson 04/17/12
2
“Soft 404s” foo.edu/lookup.php?key=123456
what http status code do you return if: script “lookup.php” exists and has no syntax errors but key is deleted or invalid Competing semantic events: script is there and running = 200 OK bad key for database = 404 Not Found reading: “Sic Transit Gloria Telae: Towards an Understanding of the Web’s Decay”
3
Why? People Forget (Or Don't Even Think About It)
% cat soft-404.cgi #!/usr/bin/perl print "Content-type: text/html\n\n"; $some_lookup = 0; if ($some_lookup) { # do something here } else { print "<h1>sorry, we can't find that key</h1>\n" } % curl -i HTTP/ OK Date: Mon, 16 Apr :06:34 GMT Server: Apache/ (Unix) PHP/5.3.5 mod_ssl/ OpenSSL/0.9.8q Transfer-Encoding: chunked Content-Type: text/html <h1>sorry, we can't find that key</h1>
4
Soft 404s in the Live Web % curl -I HTTP/ OK Date: Mon, 16 Apr :25:17 GMT Server: Apache/ (Unix) PHP/5.3.5 mod_ssl/ OpenSSL/0.9.8q Accept-Ranges: bytes Content-Type: text/html
5
Sites Are Better Than They Used To Be…
% curl -I -L HTTP/ Moved Permanently Server: Apache-Coyote/1.1 Cache-Control: private [cookies] Pragma: no-cache Location: Galaxie 7 Litre 1966 Ford Galaxie 7 Litre RARE SURVIVOR ORIGINAL MILES RlogId: p4%60bo7%60jtb9%3Fv%7F.r%2B616d2tk-136bd7c1c4c Content-Length: 0 Date: Mon, 16 Apr :28:08 GMT RlogId: p4kjkbsdab%60jtb9%3Fvo%7B2d71f%2B6%3Anpdyhw2vn-136bd7c1d5d Location: HTTP/ Not Found ETag: Last-Modified: Content-Type: text/html;charset=utf-8 Content-Length: 84418 Date: Mon, 16 Apr :28:09 GMT
6
Embedded 404s % curl -i http://yfrog.com/h56kshgj HTTP/1.1 200 OK
Server: nginx/1.0.4 Date: Tue, 17 Apr :58:57 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.2.9 [html deleted] % curl -i HTTP/ Not Found Server: nginx/1.0.4 Date: Tue, 17 Apr :03:18 GMT Content-Type: text/html Connection: keep-alive X-Powered-By: PHP/5.2.9 Content-Length: 38 X-Varnish: Age: 0 Via: 1.1 varnish X-Varnish-Hits: 0 X-Varnish-IP: X-Varnish-Port: 17001 Unable to read source image dimensions see also:
7
410 Gone Apparently a case of "infosuicide"
% curl -i HTTP/ Gone Server: nginx Date: Tue, 17 Apr :50:25 GMT Content-Type: text/html; charset=iso Connection: keep-alive Content-Length: 331 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>410 Gone</title> </head><body> <h1>Gone</h1> <p>The requested resource<br />/archives/2004/02/04/incompatible-rss<br /> is no longer available on this server and there is no forwarding address. Please remove all references to this resource.</p> </body></html> Apparently a case of "infosuicide" Ironically, returns a 404 instead of a 410…
8
How Can We Get to Prior Versions of the Resource?
Memento… TimeMap TimeGate see:
9
"Soft 401s?" % curl -I HTTP/ OK Date: Tue, 17 Apr :58:29 GMT Server: Apache X-Powered-By: PHP/ lenny16 Set-Cookie: PHPSESSID=089308a1d926c03026badaaecea2b9b4; expires=Fri, 20 Apr :58:29 GMT; path=/ Expires: Thu, 19 Nov :52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Clicking on: will produce a login page
10
Archiving Soft 401s… % curl < < < < < memento";datetime="Wed, 01 Sep :53:10 GMT", < 04 Dec :06:02 GMT", < 07 Mar :34:37 GMT", < 14 Jul :31:30 GMT", < memento";datetime="Tue, 09 Jun :52:45 GMT"
11
What Have We Archived? % curl -I -L HTTP/ Moved Temporarily Server: Apache-Coyote/1.1 Memento-Datetime: Tue, 09 Jun :52:45 GMT Link: [deletia] [deletia] Location: Content-Type: text/html;charset=UTF-8 Content-Length: 760 Date: Tue, 17 Apr :40:05 GMT HTTP/ OK [deletia Content-Type: text/html;charset=cp1252 Content-Length: 9296 X-Varnish: Age: 0 Via: 1.1 varnish Connection: keep-alive X-Cache: MISS also, is nowunprotected
12
401 vs. 403 % curl -I -L HTTP/ Forbidden Server: Apache-Coyote/1.1 Memento-Datetime: Wed, 01 Sep :53:10 GMT Link: < < < memento"; datetime="Wed, 01 Sep :53:10 GMT", < memento"; datetime="Tue, 09 Jun :52:45 GMT", < memento"; datetime="Sat, 04 Dec :06:02 GMT" , < type="application/link-format",< [some headers deleted] Content-Type: text/html;charset=UTF-8 Content-Length: 2999 Date: Tue, 17 Apr :52:58 GMT X-Varnish: Age: 0 Via: 1.1 varnish Connection: keep-alive X-Cache: MISS You can make a case this should be a 401, but most clients handle 401 with a popup, so perhaps 403 is the correct response. But 403 also means "Authorization will not help and the request SHOULD NOT be repeated." A more difficult question: what does it mean to have an archived authentication page?
13
503 Service Unavailable The server can optionally provide
% curl -I HTTP/ Service Unavailable Server: nginx Date: Mon, 06 Feb :06:47 GMT Connection: keep-alive Content-Length: 606 X-Varnish: Age: 0 Via: 1.1 varnish The server can optionally provide the client with additional guidance: Retry-After: Fri, 31 Dec :59:59 GMT Retry-After: 120
14
204 Used Incorrectly… % curl -I http://yfrog.com/h7ap5rdj:iphone
HTTP/ No Content Server: nginx/1.0.4 Date: Tue, 17 Apr :31:24 GMT Connection: keep-alive should be 405 Method Not Allowed % curl -i HTTP/ Moved Permanently Server: nginx/1.0.4 Date: Tue, 17 Apr :30:00 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.2.9 Location:
15
100 Continue PUT /~mln/cars/1966-Fairlane.txt Host: coolfords.org Date: Tue, 14 Apr :34:00 GMT Content-Type: text/plain Content-Length: 193 Connection: close ______________ // \\ // \\ | __ __ | |--/ \ / \---| \__/ \__/ HTTP Created Server: FordServer ETag: “XYZ” PUT /~mln/cars/1966-Fairlane.txt Host: coolfords.org Date: Tue, 14 Apr :34:00 GMT Content-Type: text/plain Content-Length: 193 Connection: close Expect: 100-Continue HTTP Continue ______________ // \\ // \\ | __ __ | |--/ \ / \---| \__/ \__/ HTTP Created Server: FordServer ETag: “XYZ” Possible response codes: 200, 201, 401, 403, 405, 411, 413, 414, 417 Applicable to any method in which the client sends an entity body to the server (i.e., POST, PUT) Ignore the header if not applicable to the method.
16
Status Codes I've Never Seen in the Wild (Perhaps they exist, but…)
203 Non-Authoritative Information 205 Reset Content 305 Use Proxy 307 Temporary Redirect 402 Payment Required 407 Proxy Authentication Required 417 Expectation Failed 502 Bad Gateway 504 Gateway Timeout
17
Partial GETs… Partial PUTs?
% cat patch-1.txt A new method is necessary to improve interoperability and prevent errors. The PUT method is already defined to overwrite a resource with a complete new body, and cannot be reused to do partial changes. Otherwise, proxies and caches, and even clients and servers, may get confused as to the result of the operation. POST is already used but without broad interoperability (for one, there is no standard way to discover patch format support). PATCH was mentioned in earlier HTTP specifications, but not completely defined. % cat patch-2.txt Otherwise, proxies and caches, XXand even clients and servers, may get % diff patch-1.txt patch-2.txt 4c4 < Otherwise, proxies and caches, and even clients and servers, may get --- > Otherwise, proxies and caches, XXand even clients and servers, may get
18
PATCH Method PATCH /file.txt HTTP/1.1 Host: Content-Type: text/x-patch If-Match: "e0023aa4e" Content-Length: 158 Connection: close 4c4 < Otherwise, proxies and caches, and even clients and servers, may get --- > Otherwise, proxies and caches, XXand even clients and servers, may get HTTP/ No Content Content-Location: /file.txt ETag: "e0023aa4f" see RFC 5789 (text/x-patch & text/x-diff are not officially registered w/ IANA)
19
HTTP as a Filesystem WebDAV Methods:
RFC 2518 Methods: PROPFIND — used to retrieve properties (i.e., metadata) from a resource. PROPPATCH — used to change and delete multiple properties on a resource MKCOL — used to create collections (i.e., directories) COPY — used to copy a resource from one URI to another MOVE — used to move a resource from one URI to another LOCK — used to lock a resource UNLOCK — used to remove a lock from a resource
Similar presentations
