Apache HTTP Server Compatibility

This wiki content attempts to catalog known compatibility questions between common HTTP servers, browsers, other user-agents, and other proxy agents such as firewalls or load balancers. Note that Apache HTTP Server acts as both a server, and as a proxy server, also as a user-agent communicating with a back-end server. The implementation of the specs listed below may vary between these two roles.

Applicable Specifications

Apache HTTP Server implements a number of specifications, each of which poses interoperability challenges for any implementer. Different implementations may;

• Apply a different interpretation of the same reading when the specification is unclear
• Choose to be permissive where multiple readings are possible, or to strictly conform when the plain reading is clear
• Deviate from the specification in error, for their own purpose, or to accommodate another implementation
  

Apache HTTP Server since inception has erred on the side of being lenient in accepting questionable input, and strict in emitting responses from the server, which helped to fuel the adoption of the HTTP protocol. In response to a number of attack vectors which rely on the differences in accepting and interpreting questionable input, the server is evolving to more strictly require that input conform to the relevant specifications.

The current version of HTTP implements the following specifications, with specific wiki pages dedicated to each topic (this list not exhaustive);

Interoperability Issues

See specific Notes above for issues related to each specification. General Issues between specific clients and back-end servers are called out below.

Specific Client Issues (httpd as a Server)

Specific Server Issues (httpd as a User-Agent)