I have set up an HTTP server for an embedded system to communicate with a known non-malicious remote client application.
I have had to disable keep-alive support on my server, as the remote client application always requests keep-alive but never reuses the connection. Instead, the client opens a new connection for each request and leaves the old one open indefinitely.
For example:
Client sends:
POST /my_server_path HTTP/1.1
accept: text/plain, */*; q=0.01
accept-encoding: gzip
connection: keep-alive
content-length: 4
content-type: application/x-www-form-urlencoded;charset=UTF-8
host: some_host:1234
origin: https://the_origin.com
test
My server responds with:
HTTP/1.1 200 OK
access-control-allow-headers: post-body
access-control-allow-origin: https://the_origin.com
allow: POST, OPTIONS
connection: keep-alive
content-length: 4
content-type: text/html
date: Mon, 01 Feb 2018 15:00:00 GMT
server: MyServer/1.0
test
While my HTTP server supports closing stale connections, I have started sending Connection: closed
for every request to reduce the load on the system.
Is this behavior normal, am I missing something, or am I correct in assuming this is a bug with the remote client application?
Best Answer
While not nice, the client is free to close the connection and use another one. Of course it is silly from it to request a keep-alive and then not use it, so you can target it as a bug, but it is still something that can happen. It may also be related to a proxy in the path.
See RFC 7230 and note the "MAY":
This is why the server should not keep too many open keep-alive connections for a too long time. It can signal its policy to the client with the
Keep-Alive
header.See the
max
andtimeout
parameter explained in https://tools.ietf.org/id/draft-thomson-hybi-http-timeout-01.html