Cneonction 和 nnCoection HTTP 标头 [英] Cneonction and nnCoection HTTP headers

问题描述

在 Web 的互操作性方面，我们经常遇到一些问题.浏览器供应商的这些问题之一是拼写错误的 Connection HTTP 标头.这两种形式给出了最常见的错误.

We have often some issues in terms of interoperability on the Web. One of these issues for browsers vendors is the wrongly spelled Connection HTTP header. The most common errors are given by these two forms.

nnCoection:
Cneonction:

有几篇关于此的文章，包括 有趣的 HTTP 标头.它通常按时期发生，然后消失.其中一些似乎是由负载均衡器创建的，例如 this example:NetScaler Appliance.

There are has been a few articles about this, including Fun with HTTP headers. Often it is happening by period, then disappear. It seems that some of them are created by load balancers such as this example: NetScaler Appliance.

您知道造成这些问题的任何其他硬件或软件实例吗?

Do you know any other instances of hardware or software that create these issues?

更新这里是一个没有发回良好 Connection HTTP 标头的站点的示例.

Update Here an example among others of a site which doesn't send back a good Connection HTTP header.

curl -sI ehg-nokiafin.hitbox.com
HTTP/1.1 200 OK
Date: Tue, 25 Jan 2011 20:35:45 GMT
Server: Hitbox Gateway 9.3.6-rc1
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP LAW NID PSA ADM OUR IND NAV COM"
Cneonction: close
Pragma: no-cache
Cache-Control: max-age=0, private, proxy-revalidate
Expires: Tue, 25 Jan 2011 20:35:46 GMT
Content-Type: text/plain
Content-Length: 23

2011-01-26 更新

在关于 AWS 的亚马逊论坛上，有一个关于 线程的关于 <代码>nnCoection.一条评论说:

On Amazon forum about AWS, there is a thread about nnCoection. A comment says:

仅供参考，它拼错单词的原因连接是这样的，互联网校验和(一个简单的总和)仍然添加向上，这样变化可以发生在数据包级别.如果完全删除标题，它必须停止转发响应，直到标题被完全读取，所以它可以重写标题，重新计算校验和，然后一起发送.

FYI, the reason it misspells the word connection is so that the internet check-sum (a simple sum) still adds up, this way the change can occur at the packet level. If it completely removed the header, it would have to stall forwarding the response until the header was entirely read, so it could rewrite the headers, recompute the checksum and then send it along.

与

sum(ord(c) for c in "Connection")

和

sum(ord(c) for c in "nnCoection")

两者都给出 1040

推荐答案

你确定这是一个实际的问题吗?链接的文章表明，这些类型的标头是故意拼错的"，因此负载平衡器、反向代理或其他中间件可以破坏服务器保持连接保持活动的愿望，而无需跟踪 TCP 流位置的增量.连接的生命.实际上，通过强制与其他服务器的保持活动连接迁移到联机的服务器，这样的事情可能实际上是必要的，以使停机和恢复的服务器重新投入使用.

Are you sure it's an actual issue? The linked article suggests that these sorts of headers are "misspelled on purpose" so that a load balancer, reverse proxy or other middlebox can defeat the server's wishes that the connection be kept alive, without having to track a delta in TCP stream position over the life of the connection. Something like this may actually be necessary to bring a downed and recovered server back into active duty, by forcing kept-alive connections to other servers to migrate to the one brought online.

如果您的协议依赖于 HTTP Connection: keep-alive 才能运行(咳嗽)，你可能做错了.

If you have a protocol that's dependent on HTTP Connection: keep-alive to function (cough), you're probably doing it wrong.

这篇关于Cneonction 和 nnCoection HTTP 标头的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！