HTTPbis Working Group                                   R. Fielding, Ed.
Internet-Draft                                                     Adobe
Obsoletes: 2616 (if approved)                              Y. Lafon, Ed.
Intended status: Standards Track                                     W3C
Expires: September 13, 2012                              J. Reschke, Ed.
                                                              greenbytes
                                                          March 12, 2012


         HTTP/1.1, part 5: Range Requests and Partial Responses
                     draft-ietf-httpbis-p5-range-19

Abstract

   The Hypertext Transfer Protocol (HTTP) is an application-level
   protocol for distributed, collaborative, hypertext information
   systems.  HTTP has been in use by the World Wide Web global
   information initiative since 1990.  This document is Part 5 of the
   seven-part specification that defines the protocol referred to as
   "HTTP/1.1" and, taken together, obsoletes RFC 2616.

   Part 5 defines range-specific requests and the rules for constructing
   and combining responses to those requests.

Editorial Note (To be removed by RFC Editor)

   Discussion of this draft should take place on the HTTPBIS working
   group mailing list (ietf-http-wg@w3.org), which is archived at
   <http://lists.w3.org/Archives/Public/ietf-http-wg/>.

   The current issues list is at
   <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
   documents (including fancy diffs) can be found at
   <http://tools.ietf.org/wg/httpbis/>.

   The changes in this draft are summarized in Appendix D.20.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months



Fielding, et al.       Expires September 13, 2012               [Page 1]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 13, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  4
     1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  5
       1.2.1.  Core Rules . . . . . . . . . . . . . . . . . . . . . .  5
       1.2.2.  ABNF Rules defined in other Parts of the
               Specification  . . . . . . . . . . . . . . . . . . . .  5
   2.  Range Units  . . . . . . . . . . . . . . . . . . . . . . . . .  5
     2.1.  Range Specifier Registry . . . . . . . . . . . . . . . . .  6
   3.  Status Code Definitions  . . . . . . . . . . . . . . . . . . .  6
     3.1.  206 Partial Content  . . . . . . . . . . . . . . . . . . .  6
     3.2.  416 Requested Range Not Satisfiable  . . . . . . . . . . .  7
   4.  Responses to a Range Request . . . . . . . . . . . . . . . . .  7
     4.1.  Response to a Single and Multiple Ranges Request . . . . .  7



Fielding, et al.       Expires September 13, 2012               [Page 2]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


     4.2.  Combining Ranges . . . . . . . . . . . . . . . . . . . . .  8
   5.  Header Field Definitions . . . . . . . . . . . . . . . . . . .  9
     5.1.  Accept-Ranges  . . . . . . . . . . . . . . . . . . . . . .  9
     5.2.  Content-Range  . . . . . . . . . . . . . . . . . . . . . . 10
     5.3.  If-Range . . . . . . . . . . . . . . . . . . . . . . . . . 11
     5.4.  Range  . . . . . . . . . . . . . . . . . . . . . . . . . . 12
       5.4.1.  Byte Ranges  . . . . . . . . . . . . . . . . . . . . . 12
       5.4.2.  Range Retrieval Requests . . . . . . . . . . . . . . . 14
   6.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 15
     6.1.  Status Code Registration . . . . . . . . . . . . . . . . . 15
     6.2.  Header Field Registration  . . . . . . . . . . . . . . . . 15
     6.3.  Range Specifier Registration . . . . . . . . . . . . . . . 16
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 16
     7.1.  Overlapping Ranges . . . . . . . . . . . . . . . . . . . . 16
   8.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 16
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 16
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 17
   Appendix A.  Internet Media Type multipart/byteranges  . . . . . . 17
   Appendix B.  Changes from RFC 2616 . . . . . . . . . . . . . . . . 20
   Appendix C.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 21
   Appendix D.  Change Log (to be removed by RFC Editor before
                publication)  . . . . . . . . . . . . . . . . . . . . 22
     D.1.  Since RFC 2616 . . . . . . . . . . . . . . . . . . . . . . 22
     D.2.  Since draft-ietf-httpbis-p5-range-00 . . . . . . . . . . . 22
     D.3.  Since draft-ietf-httpbis-p5-range-01 . . . . . . . . . . . 22
     D.4.  Since draft-ietf-httpbis-p5-range-02 . . . . . . . . . . . 22
     D.5.  Since draft-ietf-httpbis-p5-range-03 . . . . . . . . . . . 23
     D.6.  Since draft-ietf-httpbis-p5-range-04 . . . . . . . . . . . 23
     D.7.  Since draft-ietf-httpbis-p5-range-05 . . . . . . . . . . . 23
     D.8.  Since draft-ietf-httpbis-p5-range-06 . . . . . . . . . . . 23
     D.9.  Since draft-ietf-httpbis-p5-range-07 . . . . . . . . . . . 24
     D.10. Since draft-ietf-httpbis-p5-range-08 . . . . . . . . . . . 24
     D.11. Since draft-ietf-httpbis-p5-range-09 . . . . . . . . . . . 24
     D.12. Since draft-ietf-httpbis-p5-range-10 . . . . . . . . . . . 24
     D.13. Since draft-ietf-httpbis-p5-range-11 . . . . . . . . . . . 24
     D.14. Since draft-ietf-httpbis-p5-range-12 . . . . . . . . . . . 25
     D.15. Since draft-ietf-httpbis-p5-range-13 . . . . . . . . . . . 25
     D.16. Since draft-ietf-httpbis-p5-range-14 . . . . . . . . . . . 25
     D.17. Since draft-ietf-httpbis-p5-range-15 . . . . . . . . . . . 25
     D.18. Since draft-ietf-httpbis-p5-range-16 . . . . . . . . . . . 25
     D.19. Since draft-ietf-httpbis-p5-range-17 . . . . . . . . . . . 25
     D.20. Since draft-ietf-httpbis-p5-range-18 . . . . . . . . . . . 25
   Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26







Fielding, et al.       Expires September 13, 2012               [Page 3]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


1.  Introduction

   HTTP clients often encounter interrupted data transfers as a result
   of cancelled requests or dropped connections.  When a client has
   stored a partial representation, it is desirable to request the
   remainder of that representation in a subsequent request rather than
   transfer the entire representation.  There are also a number of Web
   applications that benefit from being able to request only a subset of
   a larger representation, such as a single page of a very large
   document or only part of an image to be rendered by a device with
   limited local storage.

   This document defines HTTP/1.1 range requests, partial responses, and
   the multipart/byteranges media type.  The protocol for range requests
   is an OPTIONAL feature of HTTP, designed so resources or recipients
   that do not implement this feature can respond as if it is a normal
   GET request without impacting interoperability.  Partial responses
   are indicated by a distinct status code to not be mistaken for full
   responses by intermediate caches that might not implement the
   feature.

   Although the HTTP range request mechanism is designed to allow for
   extensible range types, this specification only defines requests for
   byte ranges.

1.1.  Conformance and Error Handling

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

   This document defines conformance criteria for several roles in HTTP
   communication, including Senders, Recipients, Clients, Servers, User-
   Agents, Origin Servers, Intermediaries, Proxies and Gateways.  See
   Section 2 of [Part1] for definitions of these terms.

   An implementation is considered conformant if it complies with all of
   the requirements associated with its role(s).  Note that SHOULD-level
   requirements are relevant here, unless one of the documented
   exceptions is applicable.

   This document also uses ABNF to define valid protocol elements
   (Section 1.2).  In addition to the prose requirements placed upon
   them, Senders MUST NOT generate protocol elements that are invalid.

   Unless noted otherwise, Recipients MAY take steps to recover a usable
   protocol element from an invalid construct.  However, HTTP does not
   define specific error handling mechanisms, except in cases where it



Fielding, et al.       Expires September 13, 2012               [Page 4]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   has direct impact on security.  This is because different uses of the
   protocol require different error handling strategies; for example, a
   Web browser may wish to transparently recover from a response where
   the Location header field doesn't parse according to the ABNF,
   whereby in a systems control protocol using HTTP, this type of error
   recovery could lead to dangerous consequences.

1.2.  Syntax Notation

   This specification uses the Augmented Backus-Naur Form (ABNF)
   notation of [RFC5234] with the list rule extension defined in Section
   1.2 of [Part1].  Appendix C shows the collected ABNF with the list
   rule expanded.

   The following core rules are included by reference, as defined in
   [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
   (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
   HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit
   sequence of data), SP (space), and VCHAR (any visible US-ASCII
   character).

   Note that all rules derived from token are to be compared case-
   insensitively, like range-unit and acceptable-ranges.

1.2.1.  Core Rules

   The core rules below are defined in [Part1] and [Part2]:

     OWS        = <OWS, defined in [Part1], Section 3.2.1>
     token      = <token, defined in [Part1], Section 3.2.4>
     HTTP-date  = <HTTP-date, defined in [Part2], Section 8>

1.2.2.  ABNF Rules defined in other Parts of the Specification

   The ABNF rules below are defined in other parts:

     entity-tag = <entity-tag, defined in [Part4], Section 2.3>

2.  Range Units

   HTTP/1.1 allows a client to request that only part (a range) of the
   representation be included within the response.  HTTP/1.1 uses range
   units in the Range (Section 5.4) and Content-Range (Section 5.2)
   header fields.  A representation can be broken down into subranges
   according to various structural units.

     range-unit       = bytes-unit / other-range-unit
     bytes-unit       = "bytes"



Fielding, et al.       Expires September 13, 2012               [Page 5]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


     other-range-unit = token

   HTTP/1.1 has been designed to allow implementations of applications
   that do not depend on knowledge of ranges.  The only range unit
   defined by HTTP/1.1 is "bytes".  Additional specifiers can be defined
   as described in Section 2.1.

   If a range unit is not understood in a request, a server MUST ignore
   the whole Range header field (Section 5.4).  If a range unit is not
   understood in a response, an intermediary SHOULD pass the response to
   the client; a client MUST fail.

2.1.  Range Specifier Registry

   The HTTP Range Specifier Registry defines the name space for the
   range specifier names.

   Registrations MUST include the following fields:

   o  Name

   o  Description

   o  Pointer to specification text

   Values to be added to this name space require IETF Review (see
   [RFC5226], Section 4.1).

   The registry itself is maintained at
   <http://www.iana.org/assignments/http-range-specifiers>.

3.  Status Code Definitions

3.1.  206 Partial Content

   The server has fulfilled the partial GET request for the resource.
   The request MUST have included a Range header field (Section 5.4)
   indicating the desired range, and MAY have included an If-Range
   header field (Section 5.3) to make the request conditional.

   The response MUST include the following header fields:

   o  Either a Content-Range header field (Section 5.2) indicating the
      range included with this response, or a multipart/byteranges
      Content-Type including Content-Range fields for each part.  If a
      Content-Length header field is present in the response, its value
      MUST match the actual number of octets transmitted in the message
      body.



Fielding, et al.       Expires September 13, 2012               [Page 6]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   o  Date

   o  Cache-Control, ETag, Expires, Content-Location, Last-Modified,
      and/or Vary, if the header field would have been sent in a 200
      response to the same request

   If the 206 response is the result of an If-Range request, the
   response SHOULD NOT include other representation header fields.
   Otherwise, the response MUST include all of the representation header
   fields that would have been returned with a 200 (OK) response to the
   same request.

   Caches MAY use a heuristic (see Section 2.3.1.1 of [Part6]) to
   determine freshness for 206 responses.

3.2.  416 Requested Range Not Satisfiable

   A server SHOULD return a response with this status code if a request
   included a Range header field (Section 5.4), and none of the ranges-
   specifier values in this field overlap the current extent of the
   selected resource, and the request did not include an If-Range header
   field (Section 5.3).  (For byte-ranges, this means that the first-
   byte-pos of all of the byte-range-spec values were greater than the
   current length of the selected resource.)

   When this status code is returned for a byte-range request, the
   response SHOULD include a Content-Range header field specifying the
   current length of the representation (see Section 5.2).  This
   response MUST NOT use the multipart/byteranges content-type.  For
   example,

     HTTP/1.1 416 Requested Range Not Satisfiable
     Date: Mon, 20 Jan 2012 15:41:54 GMT
     Content-Range: bytes */47022
     Content-Type: image/gif

      Note: Clients cannot depend on servers to send a 416 (Requested
      range not satisfiable) response instead of a 200 (OK) response for
      an unsatisfiable Range header field, since not all servers
      implement this header field.

4.  Responses to a Range Request

4.1.  Response to a Single and Multiple Ranges Request

   When an HTTP message includes the content of a single range (for
   example, a response to a request for a single range, or to a request
   for a set of ranges that overlap without any holes), this content is



Fielding, et al.       Expires September 13, 2012               [Page 7]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   transmitted with a Content-Range header field, and a Content-Length
   header field showing the number of bytes actually transferred.  For
   example,

     HTTP/1.1 206 Partial Content
     Date: Wed, 15 Nov 1995 06:25:24 GMT
     Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
     Content-Range: bytes 21010-47021/47022
     Content-Length: 26012
     Content-Type: image/gif

   When an HTTP message includes the content of multiple ranges (for
   example, a response to a request for multiple non-overlapping
   ranges), these are transmitted as a multipart message.  The multipart
   media type used for this purpose is "multipart/byteranges" as defined
   in Appendix A.

   A server MAY combine requested ranges when those ranges are
   overlapping (see Section 7).

   A response to a request for a single range MUST NOT be sent using the
   multipart/byteranges media type.  A response to a request for
   multiple ranges, whose result is a single range, MAY be sent as a
   multipart/byteranges media type with one part.  A client that cannot
   decode a multipart/byteranges message MUST NOT ask for multiple
   ranges in a single request.

   When a client requests multiple ranges in one request, the server
   SHOULD return them in the order that they appeared in the request.

4.2.  Combining Ranges

   A response might transfer only a subrange of a representation if the
   connection closed prematurely or if the request used one or more
   Range specifications.  After several such transfers, a client might
   have received several ranges of the same representation.  These
   ranges can only be safely combined if they all have in common the
   same strong validator, where "strong validator" is defined to be
   either an entity-tag that is not marked as weak (Section 2.3 of
   [Part4]) or, if no entity-tag is provided, a Last-Modified value that
   is strong in the sense defined by Section 2.2.2 of [Part4].

   When a client receives an incomplete 200 (OK) or 206 (Partial
   Content) response and already has one or more stored responses for
   the same method and effective request URI, all of the stored
   responses with the same strong validator MAY be combined with the
   partial content in this new response.  If none of the stored
   responses contain the same strong validator, then this new response



Fielding, et al.       Expires September 13, 2012               [Page 8]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   corresponds to a new representation and MUST NOT be combined with the
   existing stored responses.

   If the new response is an incomplete 200 (OK) response, then the
   header fields of that new response are used for any combined response
   and replace those of the matching stored responses.

   If the new response is a 206 (Partial Content) response and at least
   one of the matching stored responses is a 200 (OK), then the combined
   response header fields consist of the most recent 200 response's
   header fields.  If all of the matching stored responses are 206
   responses, then the stored response with the most header fields is
   used as the source of header fields for the combined response, except
   that the client MUST use other header fields provided in the new
   response, aside from Content-Range, to replace all instances of the
   corresponding header fields in the stored response.

   The combined response message body consists of the union of partial
   content ranges in the new response and each of the selected
   responses.  If the union consists of the entire range of the
   representation, then the combined response MUST be recorded as a
   complete 200 (OK) response with a Content-Length header field that
   reflects the complete length.  Otherwise, the combined response(s)
   MUST include a Content-Range header field describing the included
   range(s) and be recorded as incomplete.  If the union consists of a
   discontinuous range of the representation, then the client MAY store
   it as either a multipart range response or as multiple 206 responses
   with one continuous range each.

5.  Header Field Definitions

   This section defines the syntax and semantics of HTTP/1.1 header
   fields related to range requests and partial responses.

5.1.  Accept-Ranges

   The "Accept-Ranges" header field allows a resource to indicate its
   acceptance of range requests.

     Accept-Ranges     = acceptable-ranges
     acceptable-ranges = 1#range-unit / "none"

   Origin servers that accept byte-range requests MAY send

     Accept-Ranges: bytes

   but are not required to do so.  Clients MAY generate range requests
   without having received this header field for the resource involved.



Fielding, et al.       Expires September 13, 2012               [Page 9]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   Range units are defined in Section 2.

   Servers that do not accept any kind of range request for a resource
   MAY send

     Accept-Ranges: none

   to advise the client not to attempt a range request.

5.2.  Content-Range

   The "Content-Range" header field is sent with a partial
   representation to specify where in the full representation the
   payload body is intended to be applied.

   Range units are defined in Section 2.

     Content-Range           = byte-content-range-spec
                             / other-content-range-spec

     byte-content-range-spec = bytes-unit SP
                               byte-range-resp-spec "/"
                               ( instance-length / "*" )

     byte-range-resp-spec    = (first-byte-pos "-" last-byte-pos)
                             / "*"

     instance-length         = 1*DIGIT

     other-content-range-spec = other-range-unit SP
                                other-range-resp-spec
     other-range-resp-spec    = *CHAR

   The header field SHOULD indicate the total length of the full
   representation, unless this length is unknown or difficult to
   determine.  The asterisk "*" character means that the instance-length
   is unknown at the time when the response was generated.

   Unlike byte-ranges-specifier values (see Section 5.4.1), a byte-
   range-resp-spec MUST only specify one range, and MUST contain
   absolute byte positions for both the first and last byte of the
   range.

   A byte-content-range-spec with a byte-range-resp-spec whose last-
   byte-pos value is less than its first-byte-pos value, or whose
   instance-length value is less than or equal to its last-byte-pos
   value, is invalid.  The recipient of an invalid byte-content-range-
   spec MUST ignore it and any content transferred along with it.



Fielding, et al.       Expires September 13, 2012              [Page 10]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   In the case of a byte range request: A server sending a response with
   status code 416 (Requested range not satisfiable) SHOULD include a
   Content-Range field with a byte-range-resp-spec of "*".  The
   instance-length specifies the current length of the selected
   resource.  A response with status code 206 (Partial Content) MUST NOT
   include a Content-Range field with a byte-range-resp-spec of "*".

   The "Content-Range" header field has no meaning for status codes that
   do not explicitly describe its semantic.  Currently, only status
   codes 206 (Partial Content) and 416 (Requested range not satisfiable)
   describe the meaning of this header field.

   Examples of byte-content-range-spec values, assuming that the
   representation contains a total of 1234 bytes:

   o  The first 500 bytes:

        bytes 0-499/1234

   o  The second 500 bytes:

        bytes 500-999/1234

   o  All except for the first 500 bytes:

        bytes 500-1233/1234

   o  The last 500 bytes:

        bytes 734-1233/1234

   If the server ignores a byte-range-spec (for example if it is
   syntactically invalid, or if it may be seen as a denial-of-service
   attack), the server SHOULD treat the request as if the invalid Range
   header field did not exist.  (Normally, this means return a 200
   response containing the full representation).

5.3.  If-Range

   If a client has a partial copy of a representation and wishes to have
   an up-to-date copy of the entire representation, it could use the
   Range header field with a conditional GET (using either or both of
   If-Unmodified-Since and If-Match.)  However, if the condition fails
   because the representation has been modified, the client would then
   have to make a second request to obtain the entire current
   representation.

   The "If-Range" header field allows a client to "short-circuit" the



Fielding, et al.       Expires September 13, 2012              [Page 11]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   second request.  Informally, its meaning is "if the representation is
   unchanged, send me the part(s) that I am missing; otherwise, send me
   the entire new representation".

     If-Range = entity-tag / HTTP-date

   Clients MUST NOT use an entity-tag marked as weak in an If-Range
   field value and MUST NOT use a Last-Modified date in an If-Range
   field value unless it has no entity-tag for the representation and
   the Last-Modified date it does have for the representation is strong
   in the sense defined by Section 2.2.2 of [Part4].

   A server that evaluates a conditional range request that is
   applicable to one of its representations MUST evaluate the condition
   as false if the entity-tag used as a validator is marked as weak or,
   when an HTTP-date is used as the validator, if the date value is not
   strong in the sense defined by Section 2.2.2 of [Part4].  (A server
   can distinguish between a valid HTTP-date and any form of entity-tag
   by examining the first two characters.)

   The If-Range header field SHOULD only be sent by clients together
   with a Range header field.  The If-Range header field MUST be ignored
   if it is received in a request that does not include a Range header
   field.  The If-Range header field MUST be ignored by a server that
   does not support the sub-range operation.

   If the validator given in the If-Range header field matches the
   current validator for the selected representation of the target
   resource, then the server SHOULD send the specified sub-range of the
   representation using a 206 (Partial Content) response.  If the
   validator does not match, then the server SHOULD send the entire
   representation using a 200 (OK) response.

5.4.  Range

5.4.1.  Byte Ranges

   Since all HTTP representations are transferred as sequences of bytes,
   the concept of a byte range is meaningful for any HTTP
   representation.  (However, not all clients and servers need to
   support byte-range operations.)

   Byte range specifications in HTTP apply to the sequence of bytes in
   the representation body (not necessarily the same as the message
   body).

   A byte range operation MAY specify a single range of bytes, or a set
   of ranges within a single representation.



Fielding, et al.       Expires September 13, 2012              [Page 12]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


     byte-ranges-specifier = bytes-unit "=" byte-range-set
     byte-range-set  = 1#( byte-range-spec / suffix-byte-range-spec )
     byte-range-spec = first-byte-pos "-" [ last-byte-pos ]
     first-byte-pos  = 1*DIGIT
     last-byte-pos   = 1*DIGIT

   The first-byte-pos value in a byte-range-spec gives the byte-offset
   of the first byte in a range.  The last-byte-pos value gives the
   byte-offset of the last byte in the range; that is, the byte
   positions specified are inclusive.  Byte offsets start at zero.

   If the last-byte-pos value is present, it MUST be greater than or
   equal to the first-byte-pos in that byte-range-spec, or the byte-
   range-spec is syntactically invalid.  The recipient of a byte-range-
   set that includes one or more syntactically invalid byte-range-spec
   values MUST ignore the header field that includes that byte-range-
   set.

   If the last-byte-pos value is absent, or if the value is greater than
   or equal to the current length of the representation body, last-byte-
   pos is taken to be equal to one less than the current length of the
   representation in bytes.

   By its choice of last-byte-pos, a client can limit the number of
   bytes retrieved without knowing the size of the representation.

     suffix-byte-range-spec = "-" suffix-length
     suffix-length = 1*DIGIT

   A suffix-byte-range-spec is used to specify the suffix of the
   representation body, of a length given by the suffix-length value.
   (That is, this form specifies the last N bytes of a representation.)
   If the representation is shorter than the specified suffix-length,
   the entire representation is used.

   If a syntactically valid byte-range-set includes at least one byte-
   range-spec whose first-byte-pos is less than the current length of
   the representation, or at least one suffix-byte-range-spec with a
   non-zero suffix-length, then the byte-range-set is satisfiable.
   Otherwise, the byte-range-set is unsatisfiable.  If the byte-range-
   set is unsatisfiable, the server SHOULD return a response with a 416
   (Requested range not satisfiable) status code.  Otherwise, the server
   SHOULD return a response with a 206 (Partial Content) status code
   containing the satisfiable ranges of the representation.

   Examples of byte-ranges-specifier values (assuming a representation
   of length 10000):




Fielding, et al.       Expires September 13, 2012              [Page 13]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   o  The first 500 bytes (byte offsets 0-499, inclusive):

        bytes=0-499

   o  The second 500 bytes (byte offsets 500-999, inclusive):

        bytes=500-999

   o  The final 500 bytes (byte offsets 9500-9999, inclusive):

        bytes=-500

      Or:

        bytes=9500-

   o  The first and last bytes only (bytes 0 and 9999):

        bytes=0-0,-1

   o  Several legal but not canonical specifications of the second 500
      bytes (byte offsets 500-999, inclusive):

        bytes=500-600,601-999
        bytes=500-700,601-999

5.4.2.  Range Retrieval Requests

   The "Range" header field defines the GET method (conditional or not)
   to request one or more sub-ranges of the response representation
   body, instead of the entire representation body.

     Range = byte-ranges-specifier / other-ranges-specifier
     other-ranges-specifier = other-range-unit "=" other-range-set
     other-range-set = 1*CHAR

   A server MAY ignore the Range header field.  However, origin servers
   and intermediate caches ought to support byte ranges when possible,
   since Range supports efficient recovery from partially failed
   transfers, and supports efficient partial retrieval of large
   representations.

   If the server supports the Range header field and the specified range
   or ranges are appropriate for the representation:

   o  The presence of a Range header field in an unconditional GET
      modifies what is returned if the GET is otherwise successful.  In
      other words, the response carries a status code of 206 (Partial



Fielding, et al.       Expires September 13, 2012              [Page 14]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


      Content) instead of 200 (OK).

   o  The presence of a Range header field in a conditional GET (a
      request using one or both of If-Modified-Since and If-None-Match,
      or one or both of If-Unmodified-Since and If-Match) modifies what
      is returned if the GET is otherwise successful and the condition
      is true.  It does not affect the 304 (Not Modified) response
      returned if the conditional is false.

   In some cases, it might be more appropriate to use the If-Range
   header field (see Section 5.3) in addition to the Range header field.

   If a proxy that supports ranges receives a Range request, forwards
   the request to an inbound server, and receives an entire
   representation in reply, it MAY only return the requested range to
   its client.

6.  IANA Considerations

6.1.  Status Code Registration

   The HTTP Status Code Registry located at
   <http://www.iana.org/assignments/http-status-codes> shall be updated
   with the registrations below:

   +-------+---------------------------------+-------------+
   | Value | Description                     | Reference   |
   +-------+---------------------------------+-------------+
   | 206   | Partial Content                 | Section 3.1 |
   | 416   | Requested Range Not Satisfiable | Section 3.2 |
   +-------+---------------------------------+-------------+

6.2.  Header Field Registration

   The Message Header Field Registry located at <http://www.iana.org/
   assignments/message-headers/message-header-index.html> shall be
   updated with the permanent registrations below (see [RFC3864]):

   +-------------------+----------+----------+-------------+
   | Header Field Name | Protocol | Status   | Reference   |
   +-------------------+----------+----------+-------------+
   | Accept-Ranges     | http     | standard | Section 5.1 |
   | Content-Range     | http     | standard | Section 5.2 |
   | If-Range          | http     | standard | Section 5.3 |
   | Range             | http     | standard | Section 5.4 |
   +-------------------+----------+----------+-------------+

   The change controller is: "IETF (iesg@ietf.org) - Internet



Fielding, et al.       Expires September 13, 2012              [Page 15]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   Engineering Task Force".

6.3.  Range Specifier Registration

   The registration procedure for HTTP Range Specifiers is defined by
   Section 2.1 of this document.

   The HTTP Range Specifier Registry shall be created at
   <http://www.iana.org/assignments/http-range-specifiers> and be
   populated with the registrations below:

   +----------------------+-------------------+----------------------+
   | Range Specifier Name | Description       | Reference            |
   +----------------------+-------------------+----------------------+
   | bytes                | a range of octets | (this specification) |
   +----------------------+-------------------+----------------------+

   The change controller is: "IETF (iesg@ietf.org) - Internet
   Engineering Task Force".

7.  Security Considerations

   This section is meant to inform application developers, information
   providers, and users of the security limitations in HTTP/1.1 as
   described by this document.  The discussion does not include
   definitive solutions to the problems revealed, though it does make
   some suggestions for reducing security risks.

7.1.  Overlapping Ranges

   Range requests containing overlapping ranges may lead to the
   situation where a server is sending far more data than the size of
   the complete resource representation.

8.  Acknowledgments

   See Section 9 of [Part1].

9.  References

9.1.  Normative References

   [Part1]    Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
              "HTTP/1.1, part 1: URIs, Connections, and Message
              Parsing", draft-ietf-httpbis-p1-messaging-19 (work in
              progress), March 2012.

   [Part2]    Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,



Fielding, et al.       Expires September 13, 2012              [Page 16]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


              "HTTP/1.1, part 2: Message Semantics",
              draft-ietf-httpbis-p2-semantics-19 (work in progress),
              March 2012.

   [Part4]    Fielding, R., Ed., Lafon, Y., Ed., and J. Reschke, Ed.,
              "HTTP/1.1, part 4: Conditional Requests",
              draft-ietf-httpbis-p4-conditional-19 (work in progress),
              March 2012.

   [Part6]    Fielding, R., Ed., Lafon, Y., Ed., Nottingham, M., Ed.,
              and J. Reschke, Ed., "HTTP/1.1, part 6: Caching",
              draft-ietf-httpbis-p6-cache-19 (work in progress),
              March 2012.

   [RFC2046]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part Two: Media Types", RFC 2046,
              November 1996.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

9.2.  Informative References

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
              Procedures for Message Header Fields", BCP 90, RFC 3864,
              September 2004.

   [RFC4288]  Freed, N. and J. Klensin, "Media Type Specifications and
              Registration Procedures", BCP 13, RFC 4288, December 2005.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.

Appendix A.  Internet Media Type multipart/byteranges

   When an HTTP 206 (Partial Content) response message includes the
   content of multiple ranges (a response to a request for multiple non-
   overlapping ranges), these are transmitted as a multipart message
   body ([RFC2046], Section 5.1).  The media type for this purpose is
   called "multipart/byteranges".  The following is to be registered



Fielding, et al.       Expires September 13, 2012              [Page 17]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   with IANA [RFC4288].

      Note: Despite the name "multipart/byteranges" is not limited to
      the byte ranges only.

   The multipart/byteranges media type includes one or more parts, each
   with its own Content-Type and Content-Range fields.  The required
   boundary parameter specifies the boundary string used to separate
   each body-part.

   Type name:  multipart

   Subtype name:  byteranges

   Required parameters:  boundary

   Optional parameters:  none

   Encoding considerations:  only "7bit", "8bit", or "binary" are
      permitted

   Security considerations:  none

   Interoperability considerations:  none

   Published specification:  This specification (see Appendix A).

   Applications that use this media type:

   Additional information:

      Magic number(s):  none

      File extension(s):  none

      Macintosh file type code(s):  none

   Person and email address to contact for further information:  See
      Authors Section.

   Intended usage:  COMMON

   Restrictions on usage:  none

   Author/Change controller:  IESG






Fielding, et al.       Expires September 13, 2012              [Page 18]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   For example:

     HTTP/1.1 206 Partial Content
     Date: Wed, 15 Nov 1995 06:25:24 GMT
     Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
     Content-type: multipart/byteranges; boundary=THIS_STRING_SEPARATES

     --THIS_STRING_SEPARATES
     Content-type: application/pdf
     Content-range: bytes 500-999/8000

     ...the first range...
     --THIS_STRING_SEPARATES
     Content-type: application/pdf
     Content-range: bytes 7000-7999/8000

     ...the second range
     --THIS_STRING_SEPARATES--

   Other example:

     HTTP/1.1 206 Partial Content
     Date: Tue, 14 Nov 1995 06:25:24 GMT
     Last-Modified: Tue, 14 July 04:58:08 GMT
     Content-type: multipart/byteranges; boundary=THIS_STRING_SEPARATES

     --THIS_STRING_SEPARATES
     Content-type: video/example
     Content-range: exampleunit 1.2-4.3/25

     ...the first range...
     --THIS_STRING_SEPARATES
     Content-type: video/example
     Content-range: exampleunit 11.2-14.3/25

     ...the second range
     --THIS_STRING_SEPARATES--

   Notes:

   1.  Additional CRLFs MAY precede the first boundary string in the
       body.

   2.  Although [RFC2046] permits the boundary string to be quoted, some
       existing implementations handle a quoted boundary string
       incorrectly.





Fielding, et al.       Expires September 13, 2012              [Page 19]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   3.  A number of browsers and servers were coded to an early draft of
       the byteranges specification to use a media type of multipart/
       x-byteranges, which is almost, but not quite compatible with the
       version documented in HTTP/1.1.

Appendix B.  Changes from RFC 2616

   Clarify that it is not ok to use a weak validator in a 206 response.
   (Section 3.1)

   Change ABNF productions for header fields to only define the field
   value.  (Section 5)

   Clarify that multipart/byteranges can consist of a single part.
   (Appendix A)




































Fielding, et al.       Expires September 13, 2012              [Page 20]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


Appendix C.  Collected ABNF

   Accept-Ranges = acceptable-ranges

   Content-Range = byte-content-range-spec / other-content-range-spec

   HTTP-date = <HTTP-date, defined in [Part2], Section 8>

   If-Range = entity-tag / HTTP-date

   OWS = <OWS, defined in [Part1], Section 3.2.1>

   Range = byte-ranges-specifier / other-ranges-specifier

   acceptable-ranges = ( *( "," OWS ) range-unit *( OWS "," [ OWS
    range-unit ] ) ) / "none"

   byte-content-range-spec = bytes-unit SP byte-range-resp-spec "/" (
    instance-length / "*" )
   byte-range-resp-spec = ( first-byte-pos "-" last-byte-pos ) / "*"
   byte-range-set = ( *( "," OWS ) byte-range-spec ) / (
    suffix-byte-range-spec *( OWS "," [ ( OWS byte-range-spec ) /
    suffix-byte-range-spec ] ) )
   byte-range-spec = first-byte-pos "-" [ last-byte-pos ]
   byte-ranges-specifier = bytes-unit "=" byte-range-set
   bytes-unit = "bytes"

   entity-tag = <entity-tag, defined in [Part4], Section 2.3>

   first-byte-pos = 1*DIGIT

   instance-length = 1*DIGIT

   last-byte-pos = 1*DIGIT

   other-content-range-spec = other-range-unit SP other-range-resp-spec
   other-range-resp-spec = *CHAR
   other-range-set = 1*CHAR
   other-range-unit = token
   other-ranges-specifier = other-range-unit "=" other-range-set

   range-unit = bytes-unit / other-range-unit

   suffix-byte-range-spec = "-" suffix-length
   suffix-length = 1*DIGIT

   token = <token, defined in [Part1], Section 3.2.4>




Fielding, et al.       Expires September 13, 2012              [Page 21]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   ABNF diagnostics:

   ; Accept-Ranges defined but not used
   ; Content-Range defined but not used
   ; If-Range defined but not used
   ; Range defined but not used

Appendix D.  Change Log (to be removed by RFC Editor before publication)

D.1.  Since RFC 2616

   Extracted relevant partitions from [RFC2616].

D.2.  Since draft-ietf-httpbis-p5-range-00

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/18>: "Cache
      validators in 206 responses"
      (<http://purl.org/NET/http-errata#ifrange206>)

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and
      Informative references"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/86>: "Normative up-
      to-date references"

D.3.  Since draft-ietf-httpbis-p5-range-01

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/55>: "Updating to
      RFC4288"

   Ongoing work on ABNF conversion
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):

   o  Add explicit references to BNF syntax and rules imported from
      other parts of the specification.

D.4.  Since draft-ietf-httpbis-p5-range-02

   Ongoing work on IANA Message Header Field Registration
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/40>):

   o  Reference RFC 3984, and update header field registrations for
      headers defined in this document.




Fielding, et al.       Expires September 13, 2012              [Page 22]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


D.5.  Since draft-ietf-httpbis-p5-range-03

   None.

D.6.  Since draft-ietf-httpbis-p5-range-04

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/133>: "multipart/
      byteranges minimum number of parts"

   Ongoing work on ABNF conversion
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):

   o  Use "/" instead of "|" for alternatives.

   o  Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
      whitespace ("OWS") and required whitespace ("RWS").

   o  Rewrite ABNFs to spell out whitespace rules, factor out header
      field value format definitions.

D.7.  Since draft-ietf-httpbis-p5-range-05

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/142>: "State base
      for *-byte-pos and suffix-length"

   Ongoing work on Custom Ranges
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/85>):

   o  Remove bias in favor of byte ranges; allow custom ranges in ABNF.

   Final work on ABNF conversion
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):

   o  Add appendix containing collected and expanded ABNF, reorganize
      ABNF introduction.

D.8.  Since draft-ietf-httpbis-p5-range-06

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/161>: "base for
      numeric protocol elements"





Fielding, et al.       Expires September 13, 2012              [Page 23]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


D.9.  Since draft-ietf-httpbis-p5-range-07

   Closed issues:

   o  Fixed discrepancy in the If-Range definition about allowed
      validators.

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/150>: "multipart/
      byteranges for custom range units"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/151>: "range unit
      missing from other-ranges-specifier in Range header"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/198>: "move IANA
      registrations for optional status codes"

D.10.  Since draft-ietf-httpbis-p5-range-08

   No significant changes.

D.11.  Since draft-ietf-httpbis-p5-range-09

   No significant changes.

D.12.  Since draft-ietf-httpbis-p5-range-10

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/69>: "Clarify
      'Requested Variant'"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/109>: "Clarify
      entity / representation / variant terminology"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/220>: "consider
      removing the 'changes from 2068' sections"

   Ongoing work on Custom Ranges
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/85>):

   o  Add IANA registry.

D.13.  Since draft-ietf-httpbis-p5-range-11

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/217>: "Caches can't
      be required to serve ranges"



Fielding, et al.       Expires September 13, 2012              [Page 24]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


D.14.  Since draft-ietf-httpbis-p5-range-12

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/224>: "Header
      Classification"

D.15.  Since draft-ietf-httpbis-p5-range-13

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/276>: "untangle
      ABNFs for header fields"

D.16.  Since draft-ietf-httpbis-p5-range-14

   None.

D.17.  Since draft-ietf-httpbis-p5-range-15

   Closed issues:

   o  <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/175>: "Security
      consideration: range flooding"

D.18.  Since draft-ietf-httpbis-p5-range-16

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/186>: "Document
      HTTP's error-handling philosophy"

   o  <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/301>: "Content-
      Range on responses other than 206"

   o  <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/319>: "case
      sensitivity of ranges in p5"

D.19.  Since draft-ietf-httpbis-p5-range-17

   None.

D.20.  Since draft-ietf-httpbis-p5-range-18

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/311>: "Add
      limitations to Range to reduce its use as a denial-of-service



Fielding, et al.       Expires September 13, 2012              [Page 25]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


      tool"

Index

   2
      206 Partial Content (status code)  6

   4
      416 Requested Range Not Satisfiable (status code)  7

   A
      Accept-Ranges header field  9

   C
      Content-Range header field  10

   G
      Grammar
         Accept-Ranges  9
         acceptable-ranges  9
         byte-content-range-spec  10
         byte-range-resp-spec  10
         byte-range-set  13
         byte-range-spec  13
         byte-ranges-specifier  13
         bytes-unit  5
         Content-Range  10
         first-byte-pos  13
         If-Range  12
         instance-length  10
         last-byte-pos  13
         other-range-unit  5
         Range  14
         range-unit  5
         ranges-specifier  13
         suffix-byte-range-spec  13
         suffix-length  13

   H
      Header Fields
         Accept-Ranges  9
         Content-Range  10
         If-Range  11
         Range  12

   I
      If-Range header field  11




Fielding, et al.       Expires September 13, 2012              [Page 26]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   M
      Media Type
         multipart/byteranges  17
         multipart/x-byteranges  20
      multipart/byteranges Media Type  17
      multipart/x-byteranges Media Type  20

   R
      Range header field  12

   S
      Status Codes
         206 Partial Content  6
         416 Requested Range Not Satisfiable  7

Authors' Addresses

   Roy T. Fielding (editor)
   Adobe Systems Incorporated
   345 Park Ave
   San Jose, CA  95110
   USA

   EMail: fielding@gbiv.com
   URI:   http://roy.gbiv.com/


   Yves Lafon (editor)
   World Wide Web Consortium
   W3C / ERCIM
   2004, rte des Lucioles
   Sophia-Antipolis, AM  06902
   France

   EMail: ylafon@w3.org
   URI:   http://www.raubacapeu.net/people/yves/















Fielding, et al.       Expires September 13, 2012              [Page 27]


Internet-Draft              HTTP/1.1, Part 5                  March 2012


   Julian F. Reschke (editor)
   greenbytes GmbH
   Hafenweg 16
   Muenster, NW  48155
   Germany

   Phone: +49 251 2807760
   Fax:   +49 251 2807761
   EMail: julian.reschke@greenbytes.de
   URI:   http://greenbytes.de/tech/webdav/









































Fielding, et al.       Expires September 13, 2012              [Page 28]