Bug 52539 - Apache mod_dav 400 Bad Request for non-existent collection resource
Summary: Apache mod_dav 400 Bad Request for non-existent collection resource
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_dav (show other bugs)
Version: 2.2.11
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2012-01-26 16:56 UTC by Garret Wilson
Modified: 2012-01-26 16:56 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Garret Wilson 2012-01-26 16:56:30 UTC
Apache seems to be sending back a 400 Bad Request for a simple non-existing collection resource.

I have a resource `/test/junit/test.bin`. I want to check if the collection `/test/junit/test.bin/` exists (i.e. a collection of the same name)---according to RFC 2518, a collection (with a slash) and a non-collection are distinct. When I issue a `PROPFIND` on `/test/junit/test.bin/`, Apache responds with a 400 Bad Request.

Now, I understand that many people and implementation have blurred the lines between collections and non-collections---that is, whether a collection has to have an ending slash. But whatever the case, the collection `/test/junit/test.bin/` does not exist---issuing a `PROPFIND` on a collection that does not exist is not a "bad request". Shouldn't Apache simply issue a standard 404 Not Found or 410 Gone? What was "bad" about my request?

	PROPFIND /test/junit/test.bin/ HTTP/1.1
	depth: 1
	content-length: 102
	authorization: BASIC XXXXX
	host: example.com

	<?xml version="1.0" encoding="UTF-8"?>
	<D:propfind xmlns:D="DAV:">
		<D:allprop />

	HTTP/1.1 400 Bad Request
	Date: Mon, 23 Jan 2012 15:30:37 GMT
	Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8k DAV/2 SVN/1.7.2 mod_jk/1.2.28
	Content-Length: 226
	Connection: close
	Content-Type: text/html; charset=iso-8859-1

	<title>400 Bad Request</title>
	<h1>Bad Request</h1>
	<p>Your browser sent a request that this server could not understand.<br />

Here's what Apache puts in the logs:

	[Mon Jan 23 14:31:09 2012] [error] [client XX.XXX.XX.XXX] Could not fetch resource information.  [400, #0]
	[Mon Jan 23 14:31:09 2012] [error] [client XX.XXX.XX.XXX] (20)Not a directory: The URL contains extraneous path components. The resource could not be identified.  [400, #0]

Yes, I understand that a resource of the same name (without the ending slash) exists and I'm asking for properties of a collection (with the slash). So yes, we can predict when Apache will return 400. But I do not believe that 400 Bad Request is a correct response, and I can find nothing in RFC 2518 to justify 400 Bad Request. I made a perfectly valid request for a collection resource that did not exist, so in my opinion Apache should send back a 404 Not Found indicating that this collection resource does not exist.

There was nothing "bad" about my request. So Apache found another resource (`/test/junit/test.bin`) that exists. So what? I wasn't asking about that resource. I was asking about `/test/junit/test.bin/`. The answer is (or should be) that it doesn't exist---not that I made a bad request.

See http://stackoverflow.com/questions/8976331/apache-mod-dav-400-bad-request-for-non-existent-collection-resource .