The "robustness principle" says "Be liberal in what you accept, and conservative in what you send", however this principle makes problems difficult to spot during development, allowing potentially serious mistakes to make it to production. We highlight some of those potential problems, and show new techniques provided by the Apache httpd server to help catch them before reaching production.
The RFCs that power the web follow the "robustness principle", which says "Be liberal in what you accept, and conservative in what you send", and as a result, the infrastructure that powers the web is highly tolerant of misconfiguration, or lack of support for features such as conditional requests or caching.
At the same time, the caching and conditional request features can in some cases make a massive difference to the performance of a website or web service, to the point where a sudden disappearance or disablement of those features could be fatal to a busy site or system under load.
While the "robustness principle" is designed to make the web tolerant of mistakes, this same principle makes it easy for such a mistake to slip past developers and testers and make it to a live production environment unintentionally, triggering outages. This talk aims to highlight some of these potential mistakes, how they could occur and what the possible consequences are of those mistakes.
At the same time, we highlight new functionality within mod_cache in an Apache httpd v2.4 reverse proxy, as well as up-and-coming functionality in the form of mod_policy for Apache httpd trunk, that allows an administrator to police RFC compliance, detect key types of misconfiguration, or outright reject requests that do not meet a minimum standard of RFC compliance. In turn, mistakes are easier to detect and correct in development and testing before reaching production.