Configuring Compliance Modes for HTTP Parsing and Handling
Valid in Version: 2020.2.8 and later
Information about Akana Administration Console settings that support configuring compliance modes for HTTP parsing and handling.
Table of Contents
Introduction
In version 2020.2.0 and later, the Akana platform uses an updated version of Jetty that supports RFC 7230, a later HTTP specification. There is a difference between the expected behavior, between the newer and older specifications. Because of this, the Akana Administration Console now includes an additional setting so that you can configure your installation as needed. The new configuration property allows you to configure the RFC compliance level of the HTTP parser. This provides backwards compatibility with older versions of Jetty, and provides support for clients that are not compliant with the latest RFCs.
Specifications
Applicable specifications:
- https://datatracker.ietf.org/doc/html/rfc2616 "Hypertext Transfer Protocol -- HTTP/1.1"
- https://datatracker.ietf.org/doc/html/rfc7230 " Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing"
Configuring the security settings
Log in to the Akana Administration Console and go to Configuration > com.soa.platform.jetty.
Modify the http.incoming.transport.config.compliance field as needed. Available values are shown below.
- LEGACY
- Provides compatibility with legacy Jetty behavior in previous versions, prior to RFC 2616 and RFC 7230.
- RFC2616_LEGACY
- Legacy Jetty support for RFC 2616, which is aligned with the RFC but excludes method cases sensitivity, colons in fields, transfer encoding with content-length headers, and multiple content-length headers.
- RFC2616
- RFC 2616 compatibility.
- RFC7230
- RFC 7230 compatibility. This is the default setting.
- RFC7230_LEGACY
- Supports Jetty default RFC 7230 behavior, which is aligned with RFC 7230 but excludes method case sensitivity.