WebApp Sec mailing list archives
Re: http://www.domainname.com./ (with the ending)
From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Wed, 13 Apr 2005 17:52:55 -0700
On 4/13/05, Scovetta, Michael V <Michael.Scovetta () ca com> wrote:
All-- I don't think this is anything to be concerned about, but I find it odd that some websites (looks like IIS-sites), if you go to http://server./ (with a period appended), you usually get a "no web site configured", or "under construction". I guess the browser ignores the last . and finds the name in DNS, but then puts the . in the Host header.
The last "." in a domain name is valid. In fact, if it is not there, it is implied. "." in DNS is the root of the global DNS tree. From this root spawns the "com", "edu", "jp", and so on. There are specific nameservers for root (".") that are different than the nameservers for "com.", which are different for "org." So, the "." is not stripped for the DNS query. A fully qualified domain name ending with a "." is usually considered as the canonical form. The webservers just need to add the explicit "." version of the name to be an alias for the virtual host. This would be true for any webserver that did no "fuzzy" matching to the virtual host. (Oh, you really mean the URL without the ".".) Apache does a normalization to the host name given. In this normalization it strips the ".". -- END OF LINE -MCP
Current thread:
- http://www.domainname.com./ (with the ending) Scovetta, Michael V (Apr 13)
- Re: http://www.domainname.com./ (with the ending) exon (Apr 13)
- Re: http://www.domainname.com./ (with the ending) Robert Hajime Lanning (Apr 13)
- Re: http://www.domainname.com./ (with the ending) Mark Burnett (Apr 13)
- <Possible follow-ups>
- RE: http://www.domainname.com./ (with the ending) Wall, Kevin (Apr 13)