WebApp Sec mailing list archives
Re: http://www.domainname.com./ (with the ending)
From: exon <exon () home se>
Date: Thu, 14 Apr 2005 02:05:51 +0200
Fun issue. It seems to come back to haunt all the sec-lists once every six months.
This is the intended DNS lookup behaviour, and FQDNs NOT ending in a dot get one appended before the request is sent to the DNS. Read the relevant RFC if you're curious about details.
/exon

Scovetta, Michael V wrote:

All--

I don't think this is anything to be concerned about, but I find it odd that some websites (looks like IIS-sites), if you go to http://server./ (with a period appended), you usually get a "no web site configured", or "under construction". I guess the browser ignores the last . and finds the name in DNS, but then puts the . in the Host header. It looks like Apache ignores the . in the host header, so you wind up seeing http://server/'s content even though the URL says http://server./

For instance:

- http://www.google.com./ Normal Google page
- http://www.easyasphosting.com./ 400 - bad request
- http://www.iviewstudio.com./ 404 - File Not Found (or "No web site is configured at this address")

I'd assume that if you have multiple hosts configured, then the . throws it off. It also looks like Firefox and IE both handle it the same way.

Sorry if this is a re-post-- I've never heard of this before, it just struck me as odd, and thought I should throw it out there.

Regards,
Michael Scovetta
Computer Associates
Senior Application Developer
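The behaviour reported in this thread, modelled as an added example that is not part of the original posts and is not IIS or Apache code: a name-based virtual host lookup that compares the raw Host header misses on the trailing dot and falls through to the default site, while a lookup that canonicalises the name first does not. The function names, the vhost table and the example.com hostnames are constructed for illustration.

```python
# Added example: hostnames and the vhost table are constructed, not from the thread.

VHOSTS = {"www.example.com": "main-site", "shop.example.com": "shop-site"}


def canonical_host(host_header):
    """Return (hostname, port) from a Host header value, lower-cased and with
    one trailing root dot removed. Raises ValueError on malformed input."""
    value = host_header.strip()
    if value.startswith("["):                 # IPv6 literal such as [::1]:8443
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[: end + 1], value[end + 1:]
    else:
        host, sep, port_part = value.partition(":")
        rest = sep + port_part
    port = None
    if rest:                                  # this sketch rejects an empty port ("host:")
        if not rest.startswith(":") or not rest[1:].isdigit():
            raise ValueError("bad port")
        port = int(rest[1:])
    host = host.lower()
    if not host.startswith("["):
        if host.endswith("."):
            host = host[:-1]                  # "www.example.com." -> "www.example.com"
        # Anything still containing an empty label ("a..b", "name..", ".") is malformed.
        if not host or any(label == "" for label in host.split(".")):
            raise ValueError("empty label in hostname")
    return host, port


def route_literal(host_header, vhosts=VHOSTS, default="default-site"):
    """Exact string match on the raw header: the dotted form matches no vhost."""
    return vhosts.get(host_header, default)


def route_canonical(host_header, vhosts=VHOSTS, default="default-site"):
    """Match after canonicalisation; malformed names are refused, not routed."""
    try:
        host, _port = canonical_host(host_header)
    except ValueError:
        return "400-bad-request"
    return vhosts.get(host, default)
```

The same canonicalisation belongs in front of any Host-based allowlist or per-host access rule, so that the dotted and undotted forms of a name are always treated as the same site.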