Bug 57483 - Omit "Keep-Alive" header on 1.1 connections
Summary: Omit "Keep-Alive" header on 1.1 connections
Status: RESOLVED LATER
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.0-HEAD
Hardware: All All
: P2 normal with 1 vote (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: MassUpdate
Depends on:
Blocks:
 
Reported: 2015-01-22 08:41 UTC by Mark Nottingham
Modified: 2018-11-07 21:09 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Nottingham 2015-01-22 08:41:25 UTC
Keep-Alive is defined for HTTP/1.0, not 1.1; sending it from a server on a 1.1 connection is just wasting bytes.

Ideally, Apache wouldn't send either Connection: keep-alive or the Keep-Alive header field  on 1.1 connections at all; at the very least, it should be configurable.
Comment 1 Takashi Sato 2015-01-22 12:34:48 UTC
Keep-Alive header indicates KeepAliveTimeout.
Some browsers (at least Firefox) read it and avoid a race condition about KeepAliveTimeout.
So -0.5 for simply omit Keep-Alive header.
Comment 2 Yann Ylavic 2015-01-22 12:49:39 UTC
The Keep-Alive response header is a hint which may be used by browsers to determine how many requests (max=) and how long connections (timeout=) will be kept alive by the server.
It may prevent them from sending requests too late, so this is a valuable information IMHO (I don't know if browsers use it though, but they ought to...).

Indeed HTTP/1.1 does not define Keep-Alive as such, but says any header Connection's token used as a header is hop-by-hop (ie. not forwardable and possibly ignored if not understood), and so is Keep-Alive.

"Connection: keep-alive" is the default in HTTP/1.1, so it may not be needed unless the header Keep-Alive is also there.
Comment 3 Mark Nottingham 2015-01-23 00:50:19 UTC
True, but FF et al don't *need* that header; some sites will want to omit the header to save bytes on the header (e.g., search StackOverflow). Some control would be nice.
Comment 4 Gunter Grodotzki 2016-06-05 16:58:54 UTC
Some random notes I am throwing in here after doing some debugs this weekend:

1. It is _not_ needed (nor "defined by the protocol") to send the "Keep-Alive:" response header - in fact other webservers don't even do that by default (IIS/Nginx)

2. When building http-clients, it would be super bad practice to rely on "headers" and there are other better ways of knowing if a tcp connection is still live or not.

3. While IIS and Nginx usually allow some milliseconds more than the timeout config, Apache usually falls a few milliseconds short, that means, if a http-client would rely on this header, it would assume still being able to use the connection while that wouldn't be anymore true.
Comment 5 William A. Rowe Jr. 2018-11-07 21:09:39 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.