WebApp Sec mailing list archives
Re: http://www.domainname.com./ (with the ending)
From: Mark Burnett <mb () xato net>
Date: Wed, 13 Apr 2005 19:36:51 -0600
Basically what you are doing is providing a domain name that it does not recognize. It therefore either tries the default web site (either Under Construction or the actual web site) if one is configured or returns a 404 error if there is no web site configured. If the site has URLScan installed, you will see the 400 error message. You would get the same effect by browsing directly to the IP address of the web site and not providing a host header. Mark Burnett On Wed, 13 Apr 2005 10:52:31 -0400, Scovetta, Michael V wrote:
All-- I don't think this is anything to be concerned about, but I find it odd that some websites (looks like IIS-sites), if you go to http://server./ (with a period appended), you usually get a "no web site configured", or "under construction". I guess the browser ignores the last . and finds the name in DNS, but then puts the . in the Host header. It looks like Apache ignores the . in the host header, so you go wind up seeing http://server/'s content even though the URL says http://server./ For instance: http://www.google.com./ Normal Google page http://www.easyasphosting.com./ 400 - bad request http://www.iviewstudio.com./ 404 - File Not Found (or "No web site is configured at this address") I'd assume that if you have multiple hosts configured, then the . throws it off. It also looks like Firefox and IE both handle it the same way. Sorry if this is a re-post-- I've never heard of this before, it just struck me as odd, and thought I should throw it out there. Regards, Michael Scovetta Computer Associates Senior Application Developer
Current thread:
- http://www.domainname.com./ (with the ending) Scovetta, Michael V (Apr 13)
- Re: http://www.domainname.com./ (with the ending) exon (Apr 13)
- Re: http://www.domainname.com./ (with the ending) Robert Hajime Lanning (Apr 13)
- Re: http://www.domainname.com./ (with the ending) Mark Burnett (Apr 13)
- <Possible follow-ups>
- RE: http://www.domainname.com./ (with the ending) Wall, Kevin (Apr 13)