RE: Dropping connection instead of returning 400

[christopher () baus net]

> Sounds like a good idea to me, but of course what are the dependencies
> on returning a proper 400 ?  Could break things down the road.
>
> Instead of sending a RST, may want to consider just dropping the
> connection altogether as well.  I'm a big fan of just hanging the
> connect, instead of resetting . Just adds another layer of pain
> (althought admittedly slight)  to whomever's perputrating the fraud.
I spent the better part of the weekend implementing 400s.  I don't like
that it adds so much complexity to the implementation, but I've realized
that has to be at least optional.  The proxy is setup to reject perfectly
valid requests that don't meet certain criteria.  I could understand why
admins would want to send an error in this situations.

The other thing I want to point out is that google doesn't bother sending
400s when the start line is hosed.  I tend to agree with google.  If the
client can't send a decent start line, is it worth responding to?