up arrow Siege 3.0.4 Becomes Part of the Problem

Siege 3.0.4 was just released. It contains a feature that I’ve added with a certain amount of reluctance. To understand the feature and the reason for my trepidation, let’s visit RFC 2616 and read what it has to say about Location headers:

For 3xx responses, the location SHOULD indicate the server's
preferred URI for automatic redirection to the resource. The 
field value consists of a single absolute URI.
    Location = "Location" ":" absoluteURI
An example is:
    Location: http://www.w3.org/pub/WWW/People.html

That’s pretty clear, right? The value of a location header must be an absolute URI. Yet a large number of developers ignore that directive. Here’s the response from a server running SquirrelMail, a popular web-based email program:

     HTTP/1.1 302 Found
     Date: Tue, 17 Sep 2013 16:50:52 GMT
     Server: CERN/1.0A
     X-Powered-By: PHP/5.2.5
     Location: src/login.php
     Content-Length: 0
     Connection: close
     Content-Type: text/html; charset=WINDOWS-1251

Although that Location header violates RFC 2616, nearly every web client will follow it to SquirrelMail’s intended destination. I say “nearly every client.” Until version 3.0.4, siege wouldn’t have followed it any where. It would have scratched its head and said, “Fsck it. Next URL.”

It is with some reluctance that I’ve included siege in the community of clients that allow developers to circumvent established standards. This convention has created a slew of bad coding practices on the world wide web. Didn’t close a table with an end tag? That’s okay, M$ will close it for you. Used a relative URI in a Location header? Don’t worry, siege will normalize it for you.

Ironically, version 3.0.4 includes one other feature enhancement. Its default User-agent is now in full compliance with RFC 2616. You win some, you lose some. And so it goes….

  • Agustin

    I am trying to GET the following URL which requires login-url first:

    $ siege -g http://localhost:8080/diaulos/sports
    POST /diaulos/login HTTP/1.0
    Host: localhost:8080
    Accept: */*
    … (lines omitted)

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    … (lines omitted)

    GET /diaulos/sports HTTP/1.0
    Host: localhost:8080
    … (lines omitted)

    HTTP/1.1 302 Found
    Server: Apache-Coyote/1.1
    Location: http://localhost:8080/diaulos/login
    … (lines omitted)

    GET /http://localhost:8080/diaulos/login HTTP/1.0
    Host: localhost:8080
    … (lines omitted)

    HTTP/1.1 404 Not Found
    Server: Apache-Coyote/1.1
    … (lines omitted)

    As you can see, after the login-url, it hits the /diaulos/sports page. But then it tries to GET /http://…

    What am I missing here?

    Thanks for your help.

    • http://joedog Jeff Fulmer

      Well you’re not missing something but that web server probably is. According to the RFC, the host header MAY contain a port designation. I suspect yours is ignoring that. We can test this theory with the latest beta:


      Let me know how that works for you….

  • http://waca.ru George

    Hello, Jeff.

    siege 3.0.4 (and 3.0.5beta)
    Archlinux, Linux archworkhost 3.11.4-1-ARCH #1 SMP PREEMPT Sat Oct 5 21:22:51 CEST 2013 x86_64 GNU/Linux

    For POST-requests siege puts into headers double space between ‘url request’ and ‘protocol version’. It happens when url does end by ‘/’.

    $ siege -g -c 1 -t 2S –content-type=’application/json’ ‘ POST {“test”=”data”}’
    POST / HTTP/1.0 # 50 4F 53 54 20 2F 20 20 48 54 54 50 2F 31 2E 30
    Accept: */*
    User-Agent: Mozilla/5.0 (unknown-x86_64-linux-gnu) Siege/3.0.4
    Connection: close
    Content-type: application/x-www-form-urlencoded
    Content-length: 15

    And it ignores –content-type.

    Can you check this behaviour?

  • http://waca.ru George

    Thank you for this splendid utility.

    Can you add feature – parameter for ‘increase number of concurrent users every N seconds’? For example:
    $ siege -c 10 –increase-concurrent=5 –increase-period=10s –max-concurrent=150 http://some.url/here/
       – every 10 seconds number of concurrent users increases on 5, but number can’t be greater than 150.