I have set up an HTTP server for an embedded system to communicate with a known non-malicious remote client application.
I have had to disable keep-alive support on my server, as the remote client application always requests keep-alive but never reuses the connection. Instead, the client opens a new connection for each request and leaves the old one open indefinitely.
For example:
Client sends:
POST /my_server_path HTTP/1.1
accept: text/plain, */*; q=0.01
accept-encoding: gzip
connection: keep-alive
content-length: 4
content-type: application/x-www-form-urlencoded;charset=UTF-8
host: some_host:1234
origin: https://the_origin.com
test
My server responds with:
HTTP/1.1 200 OK
access-control-allow-headers: post-body
access-control-allow-origin: https://the_origin.com
allow: POST, OPTIONS
connection: keep-alive
content-length: 4
content-type: text/html
date: Mon, 01 Feb 2018 15:00:00 GMT
server: MyServer/1.0
test
While my HTTP server supports closing stale connections, I have started sending Connection: closed
for every request to reduce the load on the system.
Is this behavior normal, am I missing something, or am I correct in assuming this is a bug with the remote client application?