When you fully grasp this, you will be able to work more smoothly….

Bad Behavior blocks every single person behind a local, manual, or invisible (ISP) proxy that uses TE Headers via a client that properly supports them. This patch has been out forever now, but I guess blocking tens (hundreds??) of thousands of users isn’t enough to warrant an update.

Now, granted proxies should not be passing through TE headers unless they themselves support TE (in which case the TE token would appear in the Connection header and the Bad Behavior check would catch that as correct behaviour) or if they do they shouldn’t report themselves as HTTP/1.1 (HTTP/1.0 proxies wouldn’t know any better) and Opera prudently doesn’t use TE on any connection until after that connection is shown to support 1.1.

However it was precisely because TE headers and other as-yet-unspecified headers with point-to-point semantics (as opposed to headers intended to be passed all the way through to the server and back – or to appear to have done so should the proxy serve the request with its own cache) could get written through incorrectly that RFC 2616 has the rule about insisting that it should be mentioned in the Connection header.

Hence:

1. Opera does the right thing.

2. Proxy does the wrong thing, possibly due to being built before HTTP/1.1 was finalised, more likely just a bug.

3. RFC2616 is written with foresight and therefore contains a mechanism for servers to catch this and not use the transfer-encoding in question.

4. Bad Behavior deliberately undoes that foresight by blocking the requests.

All I want to say is that, to those sites who won’t let me in, “you lost a customer”.

I’m such a ‘real’ user, not behind any proxy, but I am on the RIPE network. If that is considered a proxy then that may be it – but then in that case I’d leave it, since I get much traffic from Europe – a great part of which is RIPE.

I doubt it’s RIPE, and as a matter of fact, that letter doesn’t explain too much:
i.e. why does it only happen with Opera and not IE or FF if it is indeed the proxy server at fault.

I am a developer at Opera Software ASA, the company developing the Opera browser. One of the areas I am working with is our HTTP support.

I’ve recently noticed a few reports about users getting “Precondition failed” when trying to visit sites using your “Bad behaviour” package (see e.g. http://my.opera.com/community/forums/topic.dml?id=113252 ) . The most recent case involved the blog of one of our own employees, who just announced that he had disabled “Bad Behaviour” because of the difficulties, and implemented different antispam countermeasures.

According to one report our use of the “TE” header may be involved, and that the cause of the problem is that the TE header is not listed in the “Connection” header.

As far as Opera is concerned, the TE header is properly identified in the “Connection” header when requests are sent from us.

If, indeed, a missing TE entry in the Connection header is the cause of the problem, the entry went missing in transit, and one possibility is a non-compliant proxy.

However, in at least one case the user stated that he did not use a proxy (although a transparent proxy is a possibility, and I know utilities like Google Desktop Search have messed up our pipelined connections before), but there are several other reports indicating that proxies, in particular privacy and adbuster filtering proxies (which, as far as I am concerned, are notorius for bad behaviour with respect to HTTP 1.1 and pipelining) are involved.

FYI, I might add that Opera will not use HTTP 1.1 on the first request to a proxy, and will only use HTTP 1.1 and pipelining against proxies in requests if the proxy responds with a HTTP 1.1 version response and HTTP 1.1 is enabled for proxies by the user. Also, we do not send the TE header to servers that we don’t know are HTTP 1.1 capable, which means that the first request to a server will not contain the TE header….

–Sincerely,
Yngve N. Pettersen

If you disable HTTP/1.1 for proxies, that should take care of the problem.

If not, feel free to send me log entries and I’ll investigate further. Your messages did not include any log entries showing that any legitimate users had been blocked.

It does, however, block Opera users who are behind certain misconfigured proxy servers.

As such, you should fix the proxy server, as Bad Behavior is not broken.