tags:

views:

153

answers:

1
+2  Q: 

Is data sent via HTTP POST when the Server does not exist?

I work for a large-ish advertising company. We've created a very lightweight clone of the PayPal IPN so we can offer CC Processing services for our top advertisers.

Like the PP IPN, it's a simple RESTful interface.

I deliberately instructed our admin guys to configure the vhost for this web app to only respond to requests on port 443.

This particular question is beyond my HTTP Protocol knowledge:

This may vary from browser to browser, but when a user submits a form, and the ACTION for that form is, say http://www.somesite.com, if the browser cannot resolve that site, does the post payload ever get sent over the wire?

I know this is a bit esoteric and it's more of an implementation question than something that exists in the HTTP RFC (as far as I could tell). Any takers?

+6  A: 

Before sending any data the browser needs to open a TCP connection to the target site. Since this connection to the target site cannot be opened in the first place, no data can be sent.

Update (Thanks for the hint in the comments): Use HTTP-Requests like POST to avoid sending data over the wire which could be intercepted by proxies before the existence of the target could be checked. With proxies the TCP-connection is always established successfully and the HTTP-request-header is sent to it. The POST-request contains the additional data in his request-body which should be sent only if the request header returns no error. Nevertheless, the implementation of proxies differ and I cannot guarantee that there is no proxy which returns an error if the target-site is non-existing. But in such a case I don't know any way where you could avoid sending the complete data over the wire...

Kosi2801  2009-01-29 16:10:25
What about proxies? The client will have no problem connecting in that case.
innaM  2009-02-01 09:42:10
True. But when proxying HTTP-posts the proxy would have to cache all the post-data (which can reach several MBs) before it passes it on to the non-existing target. As this would be very inefficient I doubt that it works that way. Haven't found a documentation on how it works in detail tough...
Kosi2801  2009-02-01 15:54:47
The HTTP-request is split in header and body. The header is send first, when no error returns (ie. the proxy couldn't connect the target), the body is send afterwards. POST-requests hold the data in the request-body so use these to avoid sending data over the line to non-existing servers.
Kosi2801  2009-02-01 16:28:13
Thanks for clearing this up.
innaM  2009-02-03 08:50:59
Kos: It's been a while, but I wanted to thank you for your help with this. It settled an internal debate between myself and our release manager :) At the end of the day, it's our customers job to implement our API correctly, I just believe in setting people up for success.
Encoderer  2009-02-04 05:59:40

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.