動機

・どんなヘッダを送信しているか知りたい。
・JavaとかRubyの標準ライブラリが Host ヘッダをちゃんと送信しているのかどうかちょっと心配だったから。

環境

[Client] -> [Apache HTTP Server 1.3 (port 80)] -> reverse proxy -> [Apache Tomcat 5.5 (port 8180)]

または

[Client] -> [Apache Tomcat 5.5 (port 8180)]

という環境でヘッダを確認。

JSPのソースコード

Apache Tomcat 5.5 で動作させるJSPのソースコード。
このJSPがHTTPリクエストヘッダを表示する。


<%@ page
  contentType="text/html; charset=UTF-8"
  session="false"
  import="java.util.*" %>
<html>
<body>
<h1>http request headers</h1>
<form action="">
<textarea>
Request Method: <%= request.getMethod() %>
Request URI: <%= request.getRequestURI() %>
Request Protocol: <%= request.getProtocol() %>
Authorization scheme: <%= request.getAuthType() %>
<%
  for(Enumeration names = request.getHeaderNames(); names.hasMoreElements();){
    String name  = (String)names.nextElement();
    String value = request.getHeader(name);
%>
<%= name %>: <%= value %>
<%
  }
%>
</textarea>
</form>
</body>
</html>

# 何らセキュリティとか考慮していないコードなので注意。

Client が Internet Explorer 7 (Windows) のとき

[Client] -> [Apache HTTP Server 1.3 (port 80)] -> reverse proxy -> [Apache Tomcat 5.5 (port 8180)]


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
host: localhost:8180
accept: */*
accept-encoding: gzip, deflate
accept-language: ja
cache-control: no-cache
ua-cpu: x86
user-agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)
x-forwarded-for: xxx.xxx.xx.xx
x-forwarded-host: www.foo.bar
x-forwarded-server: www.foo.bar
connection: close

・ua-cpu というヘッダがついている。
・x-forwarded- は Apache で reverse proxy するとつくらしい。
・x-forwarded-for: xxx.xxx.xx.xx の xxx はIPアドレス。ここではいちおう伏字にしておく。

Client が Safari 3 (Windows) のとき

[Client] -> [Apache HTTP Server 1.3 (port 80)] -> reverse proxy -> [Apache Tomcat 5.5 (port 8180)]


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
host: localhost:8180
accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
accept-encoding: gzip, deflate
accept-language: ja-JP
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja-JP) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
x-forwarded-for: xxx.xxx.xx.xx
x-forwarded-host: www.foo.bar
x-forwarded-server: www.foo.bar
connection: close

Client が Firefox 3 (Windows) のとき

[Client] -> [Apache HTTP Server 1.3 (port 80)] -> reverse proxy -> [Apache Tomcat 5.5 (port 8180)]


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
host: localhost:8180
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-charset: EUC-JP,utf-8;q=0.7,*;q=0.7
accept-encoding: gzip,deflate
accept-language: ja,en;q=0.7,en-us;q=0.3
cache-control: max-age=0
user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
x-forwarded-for: xxx.xxx.xx.xx
x-forwarded-host: www.foo.bar
x-forwarded-server: www.foo.bar
connection: close

Client が Firefox 3 (Windows) のとき

[Client] -> [Apache Tomcat 5.5 (port 8180)]

直接 Apache Tomcat 5.5 への接続。


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
host: www.foo.bar:8180
user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: ja,en;q=0.7,en-us;q=0.3
accept-encoding: gzip,deflate
accept-charset: EUC-JP,utf-8;q=0.7,*;q=0.7
keep-alive: 300
connection: keep-alive
cache-control: max-age=0

[ctrl]+[f5]でページをリロードすると「pragma: no-cache」 も追加で送信される。

Client が GNU Wget 1.8.2 (Windows) のとき

[Client] -> [Apache Tomcat 5.5 (port 8180)]


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.0
Authorization scheme: null
user-agent: Wget/1.8.2
host: www.foo.bar:8180
accept: */*
connection: Keep-Alive

Client が w3m/0.5.1 (Debian GNU/Linux etch) のとき

[Client] -> [Apache Tomcat 5.5 (port 8180)]


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.0
Authorization scheme: null
user-agent: w3m/0.5.1+cvs-1.968
accept: text/html, text/*;q=0.5, image/*, application/*, audio/*
accept-encoding: gzip, compress, deflate
accept-language: ja;q=1.0, en;q=0.5
host: www.foo.bar:8180

Client が Java 5 (Windows) のプログラムのとき

[Client] -> [Apache Tomcat 5.5 (port 8180)]

こんな感じのプログラムでアクセスしてみた。


import java.io.*;
import java.net.*;
public class WebGet {
  public static void main(String[] args) throws Exception {
    URL url = new URL("http://www.foo.bar:8180/hoge1/hoge2/reqheaders.jsp");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setRequestMethod("GET");
    con.connect();
    BufferedReader reader = new BufferedReader(new InputStreamReader(
        con.getInputStream()));
    while (true) {
      String line = reader.readLine();
      if (line == null) {
        break;
      }
      System.out.println(line);
    }
    reader.close();
    con.disconnect();
  }
}


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
user-agent: Java/1.5.0_08
host: www.foo.bar:8180
accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
connection: keep-alive
content-type: application/x-www-form-urlencoded

ちゃんと host ヘッダぐらいは指定されている。

Client が Ruby 1.8 (Windows) のプログラムのとき

[Client] -> [Apache Tomcat 5.5 (port 8180)]

Ruby 1.8.7 (2008-08-11 patchlevel 72) [i386-mswin32] を使用。

こんな感じのプログラムでアクセスしてみた。


require 'uri'
require 'net/http'
Net::HTTP.version_1_2
uri=URI('http://www.foo.bar:8180/hoge1/hoge2/reqheaders.jsp')
Net::HTTP.start(uri.host, uri.port){|http|
  puts http.get(uri.path).body
}


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
accept: */*
host: www.foo.bar:8180

Client が gooモバイル携帯サイトビューワのとき

[Client] -> [Apache HTTP Server 1.3 (port 80)] -> reverse proxy -> [Apache Tomcat 5.5 (port 8180)]

gooモバイル - 携帯サイトビューワ を使用。


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
host: localhost:8180
user-agent: DoCoMo/2.0 N905i(c100;TB;W24H16)(compatible; mobile goo; +http://emu.mobile.goo.ne.jp/)
x-forwarded-for: xxx.xxx.xx.xx
x-forwarded-host: www.foo.bar
x-forwarded-server: www.foo.bar
connection: close

Client が DoCoMoの携帯電話F905iのとき

[Client] -> [Apache HTTP Server 1.3 (port 80)] -> reverse proxy -> [Apache Tomcat 5.5 (port 8180)]


Request Method: GET
Request URI: /hoge1/hoge2/reqheaders.jsp
Request Protocol: HTTP/1.1
Authorization scheme: null
host: localhost:8180
if-modified-since: Tue, 17 Feb 2009 11:56:14 GMT
user-agent: DoCoMo/2.0 F905i(c100;TB;W24H17)
x-forwarded-for: xxx.xxx.xx.xx
x-forwarded-host: www.foo.bar
x-forwarded-server: www.foo.bar
connection: close

よく考えたら、リバースプロキシ使ってたら host ヘッダ書き換えられちゃうんだよね。。。

tags: zlashdot Zura

Posted by NI-Lab. (@nilab)