draft-ietf-httpbis-proxy-status-05.txt   draft-ietf-httpbis-proxy-status-06.txt 
HTTP M. Nottingham HTTP M. Nottingham
Internet-Draft Fastly Internet-Draft Fastly
Intended status: Standards Track P. Sikora Intended status: Standards Track P. Sikora
Expires: 29 October 2021 Google Expires: 17 February 2022 Google
27 April 2021 16 August 2021
The Proxy-Status HTTP Response Header Field The Proxy-Status HTTP Response Header Field
draft-ietf-httpbis-proxy-status-05 draft-ietf-httpbis-proxy-status-06
Abstract Abstract
This document defines the Proxy-Status HTTP field to convey the This document defines the Proxy-Status HTTP field to convey the
details of intermediary response handling, including generated details of intermediary response handling, including generated
errors. errors.
Note to Readers Note to Readers
_RFC EDITOR: please remove this section before publication_ _RFC EDITOR: please remove this section before publication_
skipping to change at page 1, line 48 skipping to change at page 1, line 48
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 29 October 2021. This Internet-Draft will expire on 17 February 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 33 skipping to change at page 2, line 33
2. The Proxy-Status HTTP Field . . . . . . . . . . . . . . . . . 4 2. The Proxy-Status HTTP Field . . . . . . . . . . . . . . . . . 4
2.1. Proxy-Status Parameters . . . . . . . . . . . . . . . . . 5 2.1. Proxy-Status Parameters . . . . . . . . . . . . . . . . . 5
2.1.1. error . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1.1. error . . . . . . . . . . . . . . . . . . . . . . . . 5
2.1.2. next-hop . . . . . . . . . . . . . . . . . . . . . . 6 2.1.2. next-hop . . . . . . . . . . . . . . . . . . . . . . 6
2.1.3. next-protocol . . . . . . . . . . . . . . . . . . . . 7 2.1.3. next-protocol . . . . . . . . . . . . . . . . . . . . 7
2.1.4. received-status . . . . . . . . . . . . . . . . . . . 7 2.1.4. received-status . . . . . . . . . . . . . . . . . . . 7
2.1.5. details . . . . . . . . . . . . . . . . . . . . . . . 7 2.1.5. details . . . . . . . . . . . . . . . . . . . . . . . 7
2.2. Defining New Proxy-Status Parameters . . . . . . . . . . 7 2.2. Defining New Proxy-Status Parameters . . . . . . . . . . 7
2.3. Proxy Error Types . . . . . . . . . . . . . . . . . . . . 8 2.3. Proxy Error Types . . . . . . . . . . . . . . . . . . . . 8
2.3.1. DNS Timeout . . . . . . . . . . . . . . . . . . . . . 8 2.3.1. DNS Timeout . . . . . . . . . . . . . . . . . . . . . 8
2.3.2. DNS Error . . . . . . . . . . . . . . . . . . . . . . 8 2.3.2. DNS Error . . . . . . . . . . . . . . . . . . . . . . 9
2.3.3. Destination Not Found . . . . . . . . . . . . . . . . 9 2.3.3. Destination Not Found . . . . . . . . . . . . . . . . 9
2.3.4. Destination Unavailable . . . . . . . . . . . . . . . 9 2.3.4. Destination Unavailable . . . . . . . . . . . . . . . 9
2.3.5. Destination IP Prohibited . . . . . . . . . . . . . . 9 2.3.5. Destination IP Prohibited . . . . . . . . . . . . . . 10
2.3.6. Destination IP Unroutable . . . . . . . . . . . . . . 10 2.3.6. Destination IP Unroutable . . . . . . . . . . . . . . 10
2.3.7. Connection Refused . . . . . . . . . . . . . . . . . 10 2.3.7. Connection Refused . . . . . . . . . . . . . . . . . 10
2.3.8. Connection Terminated . . . . . . . . . . . . . . . . 10 2.3.8. Connection Terminated . . . . . . . . . . . . . . . . 11
2.3.9. Connection Timeout . . . . . . . . . . . . . . . . . 10 2.3.9. Connection Timeout . . . . . . . . . . . . . . . . . 11
2.3.10. Connection Read Timeout . . . . . . . . . . . . . . . 11 2.3.10. Connection Read Timeout . . . . . . . . . . . . . . . 11
2.3.11. Connection Write Timeout . . . . . . . . . . . . . . 11 2.3.11. Connection Write Timeout . . . . . . . . . . . . . . 11
2.3.12. Connection Limit Reached . . . . . . . . . . . . . . 11 2.3.12. Connection Limit Reached . . . . . . . . . . . . . . 12
2.3.13. TLS Protocol Error . . . . . . . . . . . . . . . . . 11 2.3.13. TLS Protocol Error . . . . . . . . . . . . . . . . . 12
2.3.14. TLS Certificate Error . . . . . . . . . . . . . . . . 12 2.3.14. TLS Certificate Error . . . . . . . . . . . . . . . . 13
2.3.15. TLS Alert Received . . . . . . . . . . . . . . . . . 12 2.3.15. TLS Alert Received . . . . . . . . . . . . . . . . . 13
2.3.16. HTTP Request Error . . . . . . . . . . . . . . . . . 13 2.3.16. HTTP Request Error . . . . . . . . . . . . . . . . . 13
2.3.17. HTTP Request Denied . . . . . . . . . . . . . . . . . 13 2.3.17. HTTP Request Denied . . . . . . . . . . . . . . . . . 14
2.3.18. HTTP Incomplete Response . . . . . . . . . . . . . . 13 2.3.18. HTTP Incomplete Response . . . . . . . . . . . . . . 14
2.3.19. HTTP Response Header Section Too Large . . . . . . . 14 2.3.19. HTTP Response Header Section Too Large . . . . . . . 15
2.3.20. HTTP Response Header Too Large . . . . . . . . . . . 14 2.3.20. HTTP Response Header Too Large . . . . . . . . . . . 15
2.3.21. HTTP Response Body Too Large . . . . . . . . . . . . 14 2.3.21. HTTP Response Body Too Large . . . . . . . . . . . . 15
2.3.22. HTTP Response Trailer Section Too Large . . . . . . . 15 2.3.22. HTTP Response Trailer Section Too Large . . . . . . . 16
2.3.23. HTTP Response Trailer Too Large . . . . . . . . . . . 15 2.3.23. HTTP Response Trailer Too Large . . . . . . . . . . . 16
2.3.24. HTTP Response Transfer-Coding Error . . . . . . . . . 16 2.3.24. HTTP Response Transfer-Coding Error . . . . . . . . . 17
2.3.25. HTTP Response Content-Coding Error . . . . . . . . . 16 2.3.25. HTTP Response Content-Coding Error . . . . . . . . . 17
2.3.26. HTTP Response Timeout . . . . . . . . . . . . . . . . 16 2.3.26. HTTP Response Timeout . . . . . . . . . . . . . . . . 18
2.3.27. HTTP Upgrade Failed . . . . . . . . . . . . . . . . . 17 2.3.27. HTTP Upgrade Failed . . . . . . . . . . . . . . . . . 18
2.3.28. HTTP Protocol Error . . . . . . . . . . . . . . . . . 17 2.3.28. HTTP Protocol Error . . . . . . . . . . . . . . . . . 18
2.3.29. Proxy Internal Response . . . . . . . . . . . . . . . 17 2.3.29. Proxy Internal Response . . . . . . . . . . . . . . . 19
2.3.30. Proxy Internal Error . . . . . . . . . . . . . . . . 17 2.3.30. Proxy Internal Error . . . . . . . . . . . . . . . . 19
2.3.31. Proxy Configuration Error . . . . . . . . . . . . . . 18 2.3.31. Proxy Configuration Error . . . . . . . . . . . . . . 19
2.3.32. Proxy Loop Detected . . . . . . . . . . . . . . . . . 18 2.3.32. Proxy Loop Detected . . . . . . . . . . . . . . . . . 20
2.4. Defining New Proxy Error Types . . . . . . . . . . . . . 18 2.4. Defining New Proxy Error Types . . . . . . . . . . . . . 20
3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 21
4. Security Considerations . . . . . . . . . . . . . . . . . . . 19 4. Security Considerations . . . . . . . . . . . . . . . . . . . 21
5. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.1. Normative References . . . . . . . . . . . . . . . . . . 20 5.1. Normative References . . . . . . . . . . . . . . . . . . 21
5.2. Informative References . . . . . . . . . . . . . . . . . 20 5.2. Informative References . . . . . . . . . . . . . . . . . 22
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 21 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23
1. Introduction 1. Introduction
HTTP intermediaries -- including both forward proxies and gateways HTTP intermediaries -- including both forward proxies and gateways
(also known as "reverse proxies") -- have become an increasingly (also known as "reverse proxies") -- have become an increasingly
significant part of HTTP deployments. In particular, reverse proxies significant part of HTTP deployments. In particular, reverse proxies
and Content Delivery Networks (CDNs) form part of the critical and Content Delivery Networks (CDNs) form part of the critical
infrastructure of many Web sites. infrastructure of many Web sites.
Typically, HTTP intermediaries forward requests towards the origin Typically, HTTP intermediaries forward requests towards the origin
skipping to change at page 4, line 42 skipping to change at page 4, line 42
Each member of the list represents an intermediary that has handled Each member of the list represents an intermediary that has handled
the response. The first member of the list represents the the response. The first member of the list represents the
intermediary closest to the origin server, and the last member of the intermediary closest to the origin server, and the last member of the
list represents the intermediary closest to the user agent. list represents the intermediary closest to the user agent.
For example: For example:
Proxy-Status: FooProxy, ExampleCDN Proxy-Status: FooProxy, ExampleCDN
indicates that this response was handled first by FooProxy and then indicates that this response was handled first by FooProxy (a reverse
ExampleCDN. proxy adjacent to the origin server) and then ExampleCDN.
Intermediaries determine when it is appropriate to add the Proxy- Intermediaries determine when it is appropriate to add the Proxy-
Status field to a response. Some might decide to append to it to all Status field to a response. Some might decide to append to it to all
responses, whereas others might only do so when specifically responses, whereas others might only do so when specifically
configured to, or when the request contains a header that activates a configured to, or when the request contains a header that activates a
debugging mode. debugging mode.
Each member of the list identifies the intermediary that inserted the Each member of the list identifies the intermediary that inserted the
value, and MUST have a type of either sf-string or sf-token. value, and MUST have a type of either sf-string or sf-token.
Depending on the deployment, this might be a product or service name Depending on the deployment, this might be a product or service name
skipping to change at page 7, line 12 skipping to change at page 7, line 12
Proxy-Status: cdn.example.org; next-hop=backend.example.org Proxy-Status: cdn.example.org; next-hop=backend.example.org
2.1.3. next-protocol 2.1.3. next-protocol
The "next-protocol" parameter's value indicates the ALPN protocol The "next-protocol" parameter's value indicates the ALPN protocol
identifier [RFC7301] used by the intermediary to connect to the next identifier [RFC7301] used by the intermediary to connect to the next
hop. This is only applicable when that connection was actually hop. This is only applicable when that connection was actually
established. established.
The value MUST be either an sf-token or sf-binary. If the protocol The value MUST be either an sf-token or sf-binary, representing a TLS
identifier is able to be expressed as an sf-token using UTF-8 Application-Layer Protocol Negotiation (ALPN) Protocol ID (see
https://www.iana.org/assignments/tls-extensiontype-values/tls-
extensiontype-values.xhtml#alpn-protocol-ids
(https://www.iana.org/assignments/tls-extensiontype-values/tls-
extensiontype-values.xhtml#alpn-protocol-ids)). If the protocol
identifier is able to be expressed as an sf-token using ASCII
encoding, that form MUST be used. encoding, that form MUST be used.
For example: For example:
Proxy-Status: "proxy.example.org"; next-protocol=h2 Proxy-Status: "proxy.example.org"; next-protocol=h2
2.1.4. received-status 2.1.4. received-status
The "received-status" parameter's value indicates the HTTP status The "received-status" parameter's value indicates the HTTP status
code that the intermediary received from the next hop server. code that the intermediary received from the next hop server.
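Review bot: in the rewritten next-protocol paragraph the ALPN Protocol IDs registry URL appears twice in a row, once bare and once in parentheses, which looks like a link expanded during rendering; cite it once, preferably as a reference entry alongside [RFC7301]. The change from "UTF-8" to "ASCII" in the final sentence is fine, but the sentence would be clearer if it also stated that an identifier which cannot be written as an sf-token is carried as sf-binary, so that consumers know to accept both forms.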
skipping to change at page 7, line 47 skipping to change at page 8, line 5
For example: For example:
Proxy-Status: ExampleProxy; error="http_protocol_error"; Proxy-Status: ExampleProxy; error="http_protocol_error";
details="Malformed response header - space before colon" details="Malformed response header - space before colon"
2.2. Defining New Proxy-Status Parameters 2.2. Defining New Proxy-Status Parameters
New Proxy-Status Parameters can be defined by registering them in the New Proxy-Status Parameters can be defined by registering them in the
HTTP Proxy-Status Parameters registry. HTTP Proxy-Status Parameters registry.
Registration requests are reviewed and approved by a Designated Registration requests are reviewed and approved by Expert Review, as
Expert, as per [RFC8126], Section 4.5. A specification document is per [RFC8126], Section 4.5. A specification document is appreciated,
appreciated, but not required. but not required.
The Expert(s) should consider the following factors when evaluating The Expert(s) should consider the following factors when evaluating
requests: requests:
* Community feedback * Community feedback
* If the value is sufficiently well-defined * If the value is sufficiently well-defined
* Generic parameters are preferred over vendor-specific, * Generic parameters are preferred over vendor-specific,
application-specific or deployment-specific values. If a generic application-specific or deployment-specific values. If a generic
skipping to change at page 8, line 24 skipping to change at page 8, line 31
* Parameter names should not conflict with registered extra * Parameter names should not conflict with registered extra
parameters in the Proxy Error Type Registry. parameters in the Proxy Error Type Registry.
Registration requests should use the following template: Registration requests should use the following template:
* Name: [a name for the Proxy-Status Parameter that matches key] * Name: [a name for the Proxy-Status Parameter that matches key]
* Description: [a description of the parameter semantics and value] * Description: [a description of the parameter semantics and value]
* Reference: [to a specification defining this parameter] * Reference: [to a specification defining this parameter; optional]
See the registry at https://iana.org/assignments/http-proxy-status See the registry at https://iana.org/assignments/http-proxy-status
(https://iana.org/assignments/http-proxy-status) for details on where (https://iana.org/assignments/http-proxy-status) for details on where
to send registration requests. to send registration requests.
2.3. Proxy Error Types 2.3. Proxy Error Types
This section lists the Proxy Error Types defined by this document. This section lists the Proxy Error Types defined by this document.
See Section 2.4 for information about defining new Proxy Error Types. See Section 2.4 for information about defining new Proxy Error Types.
Note that implementations might not produce all Proxy Error Types.
The set of types below is designed to map to existing states in
implementations, and so may not be applicable to some.
2.3.1. DNS Timeout 2.3.1. DNS Timeout
* Name: dns_timeout * Name: dns_timeout
* Description: The intermediary encountered a timeout when trying to * Description: The intermediary encountered a timeout when trying to
find an IP address for the next hop hostname. find an IP address for the next hop hostname.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 504 * Recommended HTTP status code: 504
* Reference: [this document]
2.3.2. DNS Error 2.3.2. DNS Error
* Name: dns_error * Name: dns_error
* Description: The intermediary encountered a DNS error when trying * Description: The intermediary encountered a DNS error when trying
to find an IP address for the next hop hostname. to find an IP address for the next hop hostname.
* Extra Parameters: * Extra Parameters:
- rcode: A sf-string conveying the DNS RCODE that indicates the - rcode: A sf-string conveying the DNS RCODE that indicates the
error type. See [RFC8499], Section 3. error type. See [RFC8499], Section 3.
- info-code: A sf-integer conveying the Extended DNS Error Code - info-code: A sf-integer conveying the Extended DNS Error Code
info-code. See [RFC8914]. info-code. See [RFC8914].
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
2.3.3. Destination Not Found 2.3.3. Destination Not Found
* Name: destination_not_found * Name: destination_not_found
* Description: The intermediary cannot determine the appropriate * Description: The intermediary cannot determine the appropriate
next hop to use for this request; for example, it may not be next hop to use for this request; for example, it may not be
configured. Note that this error is specific to gateways, which configured. Note that this error is specific to gateways, which
typically require specific configuration to identify the "backend" typically require specific configuration to identify the "backend"
server; forward proxies use in-band information to identify the server; forward proxies use in-band information to identify the
origin server. origin server.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 500 * Recommended HTTP status code: 500
* Reference: [this document]
2.3.4. Destination Unavailable 2.3.4. Destination Unavailable
* Name: destination_unavailable * Name: destination_unavailable
* Description: The intermediary considers the next hop to be * Description: The intermediary considers the next hop to be
unavailable; e.g., recent attempts to communicate with it may have unavailable; e.g., recent attempts to communicate with it may have
failed, or a health check may indicate that it is down. failed, or a health check may indicate that it is down.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 503 * Recommended HTTP status code: 503
* Reference: [this document]
2.3.5. Destination IP Prohibited 2.3.5. Destination IP Prohibited
* Name: destination_ip_prohibited * Name: destination_ip_prohibited
* Description: The intermediary is configured to prohibit * Description: The intermediary is configured to prohibit
connections to the next hop IP address. connections to the next hop IP address.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
2.3.6. Destination IP Unroutable 2.3.6. Destination IP Unroutable
* Name: destination_ip_unroutable * Name: destination_ip_unroutable
* Description: The intermediary cannot find a route to the next hop * Description: The intermediary cannot find a route to the next hop
IP address. IP address.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
2.3.7. Connection Refused 2.3.7. Connection Refused
* Name: connection_refused * Name: connection_refused
* Description: The intermediary's connection to the next hop was * Description: The intermediary's connection to the next hop was
refused. refused.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
2.3.8. Connection Terminated 2.3.8. Connection Terminated
* Name: connection_terminated * Name: connection_terminated
* Description: The intermediary's connection to the next hop was * Description: The intermediary's connection to the next hop was
closed before complete response was received. closed before complete response was received.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.9. Connection Timeout 2.3.9. Connection Timeout
* Name: connection_timeout * Name: connection_timeout
* Description: The intermediary's attempt to open a connection to * Description: The intermediary's attempt to open a connection to
the next hop timed out. the next hop timed out.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 504 * Recommended HTTP status code: 504
* Reference: [this document]
2.3.10. Connection Read Timeout 2.3.10. Connection Read Timeout
* Name: connection_read_timeout * Name: connection_read_timeout
* Description: The intermediary was expecting data on a connection * Description: The intermediary was expecting data on a connection
(e.g., part of a response), but did not receive any new data in a (e.g., part of a response), but did not receive any new data in a
configured time limit. configured time limit.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 504 * Recommended HTTP status code: 504
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.11. Connection Write Timeout 2.3.11. Connection Write Timeout
* Name: connection_write_timeout * Name: connection_write_timeout
* Description: The intermediary was attempting to write data to a * Description: The intermediary was attempting to write data to a
connection, but was not able to (e.g., because its buffers were connection, but was not able to (e.g., because its buffers were
full). full).
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 504 * Recommended HTTP status code: 504
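Review bot: the paragraph added at the start of 2.3 ends with "and so may not be applicable to some", which leaves "some" without a noun; "may not be applicable to some implementations" reads cleanly. The paragraph also speaks only to producers, so a consumer reading it learns that a given type may never appear but not how to treat a type it does not recognise; one sentence on that here would help log and monitoring consumers.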
skipping to change at page 11, line 32 skipping to change at page 12, line 14
* Name: connection_write_timeout * Name: connection_write_timeout
* Description: The intermediary was attempting to write data to a * Description: The intermediary was attempting to write data to a
connection, but was not able to (e.g., because its buffers were connection, but was not able to (e.g., because its buffers were
full). full).
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 504 * Recommended HTTP status code: 504
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.12. Connection Limit Reached 2.3.12. Connection Limit Reached
* Name: connection_limit_reached * Name: connection_limit_reached
* Description: The intermediary is configured to limit the number of * Description: The intermediary is configured to limit the number of
connections it has to the next hop, and that limit has been connections it has to the next hop, and that limit has been
passed. passed.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 503 * Recommended HTTP status code: 503
* Reference: [this document]
2.3.13. TLS Protocol Error 2.3.13. TLS Protocol Error
* Name: tls_protocol_error * Name: tls_protocol_error
* Description: The intermediary encountered a TLS error when * Description: The intermediary encountered a TLS error when
communicating with the next hop, either during handshake or communicating with the next hop, either during handshake or
afterwards. afterwards.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
Note that additional information about the error can be recorded in Note that additional information about the error can be recorded in
the details parameter (as is the case for all errors). the details parameter (as is the case for all errors).
2.3.14. TLS Certificate Error 2.3.14. TLS Certificate Error
* Name: tls_certificate_error * Name: tls_certificate_error
* Description: The intermediary encountered an error when verifying * Description: The intermediary encountered an error when verifying
the certificate presented by the next hop. the certificate presented by the next hop.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
Note that additional information about the error can be recorded in Note that additional information about the error can be recorded in
the details parameter (as is the case for all errors). the details parameter (as is the case for all errors).
2.3.15. TLS Alert Received 2.3.15. TLS Alert Received
* Name: tls_alert_received * Name: tls_alert_received
* Description: The intermediary received a TLS alert from the next * Description: The intermediary received a TLS alert from the next
hop. hop.
* Extra Parameters: * Extra Parameters:
- alert-id: an sf-integer containing the applicable value from
the TLS Alerts registry. See {!RFC8446}}.
- alert-message: an sf-token containing the applicable - alert-message: an sf-token containing the applicable
description string from the TLS Alerts registry. description string from the TLS Alerts registry. See
[RFC8446].
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.16. HTTP Request Error 2.3.16. HTTP Request Error
* Name: http_request_error * Name: http_request_error
* Description: The intermediary is generating a client (4xx) * Description: The intermediary is generating a client (4xx)
response on the origin's behalf. Applicable status codes include response on the origin's behalf. Applicable status codes include
(but are not limited to) 400, 403, 405, 406, 408, 411, 413, 414, (but are not limited to) 400, 403, 405, 406, 408, 411, 413, 414,
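Review bot: the added alert-id item in 2.3.15 ends with "See {!RFC8446}}.", which is unrendered and unbalanced reference markup; it should read "See [RFC8446]." to match the alert-message item directly below it. Since alert-id and alert-message both come from the same TLS Alerts registry entry, it would also help to say whether a sender is expected to emit both or whether either one suffices, so that consumers do not have to reconcile a mismatched pair.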
skipping to change at page 13, line 24 skipping to change at page 14, line 15
* Extra Parameters: * Extra Parameters:
- status-code: an sf-integer containing the generated status - status-code: an sf-integer containing the generated status
code. code.
- status-phrase: an sf-string containing the generated status - status-phrase: an sf-string containing the generated status
phrase. phrase.
* Recommended HTTP status code: The applicable 4xx status code * Recommended HTTP status code: The applicable 4xx status code
* Reference: [this document]
* Notes: This type helps distinguish between responses generated by * Notes: This type helps distinguish between responses generated by
intermediaries from those generated by the origin. intermediaries from those generated by the origin.
2.3.17. HTTP Request Denied 2.3.17. HTTP Request Denied
* Name: http_request_denied * Name: http_request_denied
* Description: The intermediary rejected the HTTP request based on * Description: The intermediary rejected the HTTP request based on
its configuration and/or policy settings. The request wasn't its configuration and/or policy settings. The request wasn't
forwarded to the next hop. forwarded to the next hop.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 403 * Recommended HTTP status code: 403
* Reference: [this document]
2.3.18. HTTP Incomplete Response 2.3.18. HTTP Incomplete Response
* Name: http_response_incomplete * Name: http_response_incomplete
* Description: The intermediary received an incomplete response to * Description: The intermediary received an incomplete response to
the request from the next hop. the request from the next hop.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.19. HTTP Response Header Section Too Large 2.3.19. HTTP Response Header Section Too Large
* Name: http_response_header_section_size * Name: http_response_header_section_size
* Description: The intermediary received a response to the request * Description: The intermediary received a response to the request
whose header section was considered too large. whose header section was considered too large.
* Extra Parameters: * Extra Parameters:
- header-section-size: an sf-integer indicating how large the - header-section-size: an sf-integer indicating how large the
headers received were. Note that they might not be complete; headers received were. Note that they might not be complete;
i.e., the intermediary may have discarded or refused additional i.e., the intermediary may have discarded or refused additional
data. data.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.20. HTTP Response Header Too Large 2.3.20. HTTP Response Header Too Large
* Name: http_response_header_size * Name: http_response_header_size
* Description: The intermediary received a response to the request * Description: The intermediary received a response to the request
containing an individual header line that was considered too containing an individual header line that was considered too
large. large.
skipping to change at page 14, line 42 skipping to change at page 15, line 44
* Extra Parameters: * Extra Parameters:
- header-name: an sf-string indicating the name of the header - header-name: an sf-string indicating the name of the header
that triggered the error. that triggered the error.
- header-size: an sf-integer indicating the size of the header - header-size: an sf-integer indicating the size of the header
that triggered the error. that triggered the error.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.21. HTTP Response Body Too Large 2.3.21. HTTP Response Body Too Large
* Name: http_response_body_size * Name: http_response_body_size
* Description: The intermediary received a response to the request * Description: The intermediary received a response to the request
whose body was considered too large. whose body was considered too large.
* Extra Parameters: * Extra Parameters:
- body-size: an sf-integer indicating how large the body received - body-size: an sf-integer indicating how large the body received
was. Note that it may not have been complete; i.e., the was. Note that it may not have been complete; i.e., the
intermediary may have discarded or refused additional data. intermediary may have discarded or refused additional data.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
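Review bot: header-name in 2.3.20 copies a field name received from the next hop into an sf-string, and nothing in the entry bounds its length or says what to do when the name cannot be carried in an sf-string. Because this error fires precisely on an oversized or possibly malformed header line, suggest adding text that generators truncate or omit header-name in that case, so that upstream-controlled data is not reflected unbounded into Proxy-Status.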
skipping to change at page 15, line 11 skipping to change at page 16, line 15
whose body was considered too large. whose body was considered too large.
* Extra Parameters: * Extra Parameters:
- body-size: an sf-integer indicating how large the body received - body-size: an sf-integer indicating how large the body received
was. Note that it may not have been complete; i.e., the was. Note that it may not have been complete; i.e., the
intermediary may have discarded or refused additional data. intermediary may have discarded or refused additional data.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.22. HTTP Response Trailer Section Too Large 2.3.22. HTTP Response Trailer Section Too Large
* Name: http_response_trailer_section_size * Name: http_response_trailer_section_size
* Description: The intermediary received a response to the request * Description: The intermediary received a response to the request
whose trailer section was considered too large. whose trailer section was considered too large.
* Extra Parameters: * Extra Parameters:
- trailer-section-size: an sf-integer indicating how large the - trailer-section-size: an sf-integer indicating how large the
trailers received were. Note that they might not be complete; trailers received were. Note that they might not be complete;
i.e., the intermediary may have discarded or refused additional i.e., the intermediary may have discarded or refused additional
data. data.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.23. HTTP Response Trailer Too Large 2.3.23. HTTP Response Trailer Too Large
* Name: http_response_trailer_size * Name: http_response_trailer_size
* Description: The intermediary received a response to the request * Description: The intermediary received a response to the request
containing an individual trailer line that was considered too containing an individual trailer line that was considered too
large. large.
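Review bot: 2.3.21 through 2.3.23 recommend status 502 while their Notes say the response might not have been generated by the intermediary, and the entries do not say how the two fit together. When a body or trailer limit is hit after the status line has been forwarded, the recommended code cannot be applied. Suggest making the Notes state that the recommended status code applies only when the intermediary generates the response itself.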
skipping to change at page 15, line 51 skipping to change at page 17, line 13
* Extra Parameters: * Extra Parameters:
- trailer-name: an sf-string indicating the name of the trailer - trailer-name: an sf-string indicating the name of the trailer
that triggered the error. that triggered the error.
- trailer-size: an sf-integer indicating the size of the trailer - trailer-size: an sf-integer indicating the size of the trailer
that triggered the error. that triggered the error.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.24. HTTP Response Transfer-Coding Error 2.3.24. HTTP Response Transfer-Coding Error
* Name: http_response_transfer_coding * Name: http_response_transfer_coding
* Description: The intermediary encountered an error decoding the * Description: The intermediary encountered an error decoding the
transfer-coding of the response. transfer-coding of the response.
* Extra Parameters: * Extra Parameters:
- coding: an sf-token containing the specific coding that caused - coding: an sf-token containing the specific coding that caused
the error. the error.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.25. HTTP Response Content-Coding Error 2.3.25. HTTP Response Content-Coding Error
* Name: http_response_content_coding * Name: http_response_content_coding
* Description: The intermediary encountered an error decoding the * Description: The intermediary encountered an error decoding the
content-coding of the response. content-coding of the response.
* Extra Parameters: * Extra Parameters:
- coding: an sf-token containing the specific coding that caused - coding: an sf-token containing the specific coding that caused
the error. the error.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.26. HTTP Response Timeout 2.3.26. HTTP Response Timeout
* Name: http_response_timeout * Name: http_response_timeout
* Description: The intermediary reached a configured time limit * Description: The intermediary reached a configured time limit
waiting for the complete response. waiting for the complete response.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 504 * Recommended HTTP status code: 504
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
2.3.27. HTTP Upgrade Failed 2.3.27. HTTP Upgrade Failed
* Name: http_upgrade_failed * Name: http_upgrade_failed
* Description: The HTTP Upgrade between the intermediary and the * Description: The HTTP Upgrade between the intermediary and the
next hop failed. next hop failed.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
2.3.28. HTTP Protocol Error 2.3.28. HTTP Protocol Error
* Name: http_protocol_error * Name: http_protocol_error
* Description: The intermediary encountered a HTTP protocol error * Description: The intermediary encountered a HTTP protocol error
when communicating with the next hop. This error should only be when communicating with the next hop. This error should only be
used when a more specific one is not defined. used when a more specific one is not defined.
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
* Notes: Responses with this error type might not have been * Notes: Responses with this error type might not have been
generated by the intermediary. generated by the intermediary.
Note that additional information about the error can be recorded in Note that additional information about the error can be recorded in
the details parameter (as is the case for all errors). the details parameter (as is the case for all errors).
2.3.29. Proxy Internal Response 2.3.29. Proxy Internal Response
* Name: proxy_internal_response * Name: proxy_internal_response
* Description: The intermediary generated the response locally, * Description: The intermediary generated the response locally,
without attempting to connect to the next hop (e.g. in response to without attempting to connect to the next hop (e.g. in response to
a request to a debug endpoint terminated at the intermediary). a request to a debug endpoint terminated at the intermediary).
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: * Recommended HTTP status code: The most appropriate status code for
the response
* Reference: [this document]
2.3.30. Proxy Internal Error 2.3.30. Proxy Internal Error
* Name: proxy_internal_error * Name: proxy_internal_error
* Description: The intermediary encountered an internal error * Description: The intermediary encountered an internal error
unrelated to the origin. unrelated to the origin.
* Extra Parameters: None * Extra Parameters: None
* Recommended HTTP status code: 500 * Recommended HTTP status code: 500
* Reference: [this document]
Note that additional information about the error can be recorded in Note that additional information about the error can be recorded in
the details parameter (as is the case for all errors). the details parameter (as is the case for all errors).
2.3.31. Proxy Configuration Error 2.3.31. Proxy Configuration Error
* Name: proxy_configuration_error * Name: proxy_configuration_error
* Description: The intermediary encountered an error regarding its * Description: The intermediary encountered an error regarding its
configuration. configuration.
* Extra Parameters: None * Extra Parameters: None
* Recommended HTTP status code: 500 * Recommended HTTP status code: 500
* Reference: [this document]
Note that additional information about the error can be recorded in Note that additional information about the error can be recorded in
the details parameter (as is the case for all errors). the details parameter (as is the case for all errors).
2.3.32. Proxy Loop Detected 2.3.32. Proxy Loop Detected
* Name: proxy_loop_detected * Name: proxy_loop_detected
* Description: The intermediary tried to forward the request to * Description: The intermediary tried to forward the request to
itself, or a loop has been detected using different means (e.g. itself, or a loop has been detected using different means (e.g.
[RFC8586]). [RFC8586]).
* Extra Parameters: None. * Extra Parameters: None.
* Recommended HTTP status code: 502 * Recommended HTTP status code: 502
* Reference: [this document]
2.4. Defining New Proxy Error Types 2.4. Defining New Proxy Error Types
New Proxy Error Types can be defined by registering them in the HTTP New Proxy Error Types can be defined by registering them in the HTTP
Proxy Error Types registry. Proxy Error Types registry.
Registration requests are reviewed and approved by a Designated Registration requests are reviewed and approved by Expert Review, as
Expert, as per [RFC8126], Section 4.5. A specification document is per [RFC8126], Section 4.5. A specification document is appreciated,
appreciated, but not required. but not required.
The Expert(s) should consider the following factors when evaluating The Expert(s) should consider the following factors when evaluating
requests: requests:
* Community feedback * Community feedback
* If the value is sufficiently well-defined * If the value is sufficiently well-defined
* Generic types are preferred over vendor-specific, application- * Generic types are preferred over vendor-specific, application-
specific or deployment-specific values. If a generic value cannot specific or deployment-specific values. If a generic value cannot
be agreed upon in the community, the types's name should be be agreed upon in the community, the types's name should be
correspondingly specific (e.g., with a prefix that identifies the correspondingly specific (e.g., with a prefix that identifies the
vendor, application or deployment). vendor, application or deployment).
* Extra Parameters should not conflict with registered Proxy-Status * Extra Parameters should not conflict with registered Proxy-Status
parameters. parameters.
Registration requests should use the following template: Registration requests should use the following template:
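Review bot: in 2.4 the new wording "reviewed and approved by Expert Review" makes the procedure the actor, and the next paragraph's "The Expert(s)" no longer has a "Designated Expert" to refer back to. Suggest "Registration requests are subject to Expert Review, as per [RFC8126], Section 4.5" and "The Designated Expert(s) should consider ...". While editing this section, "the types's name" in the third bullet should read "the type's name".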
skipping to change at page 19, line 26 skipping to change at page 21, line 11
* Description: [a description of the conditions that generate the * Description: [a description of the conditions that generate the
Proxy Error Type] Proxy Error Type]
* Extra Parameters: [zero or more optional parameters, along with * Extra Parameters: [zero or more optional parameters, along with
their allowable type(s)] their allowable type(s)]
* Recommended HTTP status code: [the appropriate HTTP status code * Recommended HTTP status code: [the appropriate HTTP status code
for this entry] for this entry]
* Reference: [to a specification defining this error type; optional]
* Notes: [optional] * Notes: [optional]
If the Proxy Error Type might occur in responses that are not If the Proxy Error Type might occur in responses that are not
generated by the intermediary -- for example, when the error is generated by the intermediary -- for example, when the error is
detected during response content processing and a Proxy-Status detected during response content processing and a Proxy-Status
trailer field is appended -- that SHOULD be explained in the Notes. trailer field is appended -- that SHOULD be explained in the Notes.
See the registry at https://iana.org/assignments/http-proxy-status See the registry at https://iana.org/assignments/http-proxy-status
(https://iana.org/assignments/http-proxy-status) for details on where (https://iana.org/assignments/http-proxy-status) for details on where
to send registration requests. to send registration requests.
3. IANA Considerations 3. IANA Considerations
Upon publication, please create the HTTP Proxy-Status Parameters Upon publication, please create the HTTP Proxy-Status Parameters
registry and the HTTP Proxy Error Types registry at registry and the HTTP Proxy Error Types registry at
https://iana.org/assignments/http-proxy-statuses https://iana.org/assignments/http-proxy-status
(https://iana.org/assignments/http-proxy-statuses) and populate them (https://iana.org/assignments/http-proxy-status) and populate them
with the types defined in Section 2.1 and Section 2.3 respectively; with the types defined in Section 2.1 and Section 2.3 respectively;
see Section 2.2 and Section 2.4 for its associated procedures. see Section 2.2 and Section 2.4 for its associated procedures.
4. Security Considerations 4. Security Considerations
One of the primary security concerns when using Proxy-Status is One of the primary security concerns when using Proxy-Status is
leaking information that might aid an attacker. For example, leaking information that might aid an attacker. For example,
information about the intermediary's configuration and back-end information about the intermediary's configuration and back-end
topology can be exposed. topology can be exposed.
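Review bot: in Section 3, "see Section 2.2 and Section 2.4 for its associated procedures" refers to two registries, so "its" should be "their". The registry URL correction to http-proxy-status now matches the URL given at the end of 2.4. The template's new Reference field is marked optional; since every entry registered by this document carries one, consider saying whether the registry shows an empty value or omits the field when no specification exists.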
skipping to change at page 20, line 49 skipping to change at page 22, line 37
[RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan, [RFC7301] Friedl, S., Popov, A., Langley, A., and E. Stephan,
"Transport Layer Security (TLS) Application-Layer Protocol "Transport Layer Security (TLS) Application-Layer Protocol
Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301,
July 2014, <https://www.rfc-editor.org/rfc/rfc7301>. July 2014, <https://www.rfc-editor.org/rfc/rfc7301>.
[RFC8914] Kumari, W., Hunt, E., Arends, R., Hardaker, W., and D. [RFC8914] Kumari, W., Hunt, E., Arends, R., Hardaker, W., and D.
Lawrence, "Extended DNS Errors", RFC 8914, Lawrence, "Extended DNS Errors", RFC 8914,
DOI 10.17487/RFC8914, October 2020, DOI 10.17487/RFC8914, October 2020,
<https://www.rfc-editor.org/rfc/rfc8914>. <https://www.rfc-editor.org/rfc/rfc8914>.
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018,
<https://www.rfc-editor.org/rfc/rfc8446>.
5.2. Informative References 5.2. Informative References
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/rfc/rfc5234>. <https://www.rfc-editor.org/rfc/rfc5234>.
[RFC8586] Ludin, S., Nottingham, M., and N. Sullivan, "Loop [RFC8586] Ludin, S., Nottingham, M., and N. Sullivan, "Loop
Detection in Content Delivery Networks (CDNs)", RFC 8586, Detection in Content Delivery Networks (CDNs)", RFC 8586,
DOI 10.17487/RFC8586, April 2019, DOI 10.17487/RFC8586, April 2019,
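Review bot: the new [RFC8446] entry lands in the normative list (it sits before the 5.2 heading), but the text that cites it is outside this hunk. Please confirm the citation is one an implementer must follow to generate or consume the field; if it only gives background on TLS, the entry belongs under 5.2 Informative References.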
 End of changes. 56 change blocks. 
53 lines changed or deleted 134 lines changed or added
