HTTP/1.1 request without Host header should be reported with 400 (Bad request) ------------------------------------------------------------------------------ Key: WFLY-7144 URL: https://issues.jboss.org/browse/WFLY-7144 Project: WildFly Issue Type: Bug Components: Web (Undertow) Reporter: Stuart Douglas Assignee: Stuart Douglas For a HTTP/1.1 client request there is requirement that it has defined Host header either with empty or non-empty value, see RFC 2616 [here|https://tools.ietf.org/html/rfc2616#section-14.23], [here|https://tools.ietf.org/html/rfc2616#section-5.2] and [here|https://tools.ietf.org/html/rfc2616#section-19.6.1.1]. If client performs the HTTP/1.1 request with no Host header defined, server MUST response with 400 (Bad request): {quote} Servers MUST report a 400 (Bad Request) error if an HTTP/1.1 request does not include a Host request-header. {quote} Currently EAP7 response with actual page content when HTTP/1.1 request without Host header is performed, try: {code} telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET / HTTP/1.1 {code} Expected behaviour: server respondes with 400 (Bad request) as specification says so.