Configuring Compliance Modes for HTTP Parsing and Handling

Valid in Version: 2020.2.8 and later

Information about Akana Administration Console settings that support configuring compliance modes for HTTP parsing and handling.

Table of Contents

Introduction

In version 2020.2.0 and later, the Akana platform uses an updated version of Jetty that supports RFC 7230, a later HTTP specification. There is a difference between the expected behavior, between the newer and older specifications. Because of this, the Akana Administration Console now includes an additional setting so that you can configure your installation as needed. The new configuration property allows you to configure the RFC compliance level of the HTTP parser. This provides backwards compatibility with older versions of Jetty, and provides support for clients that are not compliant with the latest RFCs.

Specifications

Applicable specifications:

Configuring the security settings

Log in to the Akana Administration Console and go to Configuration > com.soa.platform.jetty.

Modify the http.incoming.transport.config.compliance field as needed. Available values are shown below.

LEGACY
Provides compatibility with legacy Jetty behavior in previous versions, prior to RFC 2616 and RFC 7230.
RFC2616_LEGACY
Legacy Jetty support for RFC 2616, which is aligned with the RFC but excludes method cases sensitivity, colons in fields, transfer encoding with content-length headers, and multiple content-length headers.
RFC2616
RFC 2616 compatibility.
RFC7230
RFC 7230 compatibility. This is the default setting.
RFC7230_LEGACY
Supports Jetty default RFC 7230 behavior, which is aligned with RFC 7230 but excludes method case sensitivity.