WebApp Sec mailing list archives

Re: http://www.domainname.com./ (with the ending)

From: Robert Hajime Lanning <robert.lanning () gmail com>
Date: Wed, 13 Apr 2005 17:52:55 -0700

On 4/13/05, Scovetta, Michael V <Michael.Scovetta () ca com> wrote:

All--

I don't think this is anything to be concerned about, but I find it odd that some websites
(looks like IIS-sites), if you go to http://server./ (with a period appended), you usually
get a "no web site configured", or "under construction". I guess the browser ignores
the last . and finds the name in DNS, but then puts the . in the Host header.


The last "." in a domain name is valid.  In fact, if it is not there,
it is implied.
"." in DNS is the root of the global DNS tree.  From this root spawns
the "com", "edu",
"jp", and so on.  There are specific nameservers for root (".") that
are different than
the nameservers for "com.", which are different for "org."  So, the
"." is not stripped
for the DNS query.  A fully qualified domain name ending with a "." is usually
considered as the canonical form.

The webservers just need to add the explicit "." version of the name
to be an alias for the
virtual host.  This would be true for any webserver that did no
"fuzzy" matching to the
virtual host.  (Oh, you really mean the URL without the ".".)

Apache does a normalization to the host name given.  In this
normalization it strips the ".".
--
END OF LINE
       -MCP

Current thread:

http://www.domainname.com./ (with the ending) Scovetta, Michael V (Apr 13)
- Re: http://www.domainname.com./ (with the ending) exon (Apr 13)
- Re: http://www.domainname.com./ (with the ending) Robert Hajime Lanning (Apr 13)
- Re: http://www.domainname.com./ (with the ending) Mark Burnett (Apr 13)
- <Possible follow-ups>
- RE: http://www.domainname.com./ (with the ending) Wall, Kevin (Apr 13)