
Full Disclosure mailing list archives

Re: Web server http protocol version support
From: Maarten Van Horenbeeck <maarten () daemon be>
Date: Fri, 12 Nov 2004 14:48:13 +0000 (GMT)

Hi Marc,

In RFC 2616, describing version 1.1 of the Hypertext Transfer Protocol, it
is described that the specification expects HTTP/1.1 servers to respond
appropriately with a message in "the same major version used by the
client".  However, this is not in compliance with another RFC, 2145,
which explicitly states that a server should send the highest version it
supports, but "may" send a lower version in case it is suspected that the
client may not handle the higher version correctly.

This means that an HTTP/0.9 request is usually responded to with an
HTTP/0.9 reply.  An HTTP/1.0 request can be responded to with either an
HTTP/1.0 or HTTP/1.1 reply.  This is done because in versions prior to
"major version" 1, no version numbers were used, which would make it
harder for a 0.9 version to identify the server side.

A while back I tested this on a number of web servers.  When sending an
HTTP/0.9 request to an Apache 1.3.31 or SunONE web server, I did in fact
receive an HTTP/0.9 reply.  These are easy to identify as they don't even
contain headers or a version number, just the pure html.  When I did the
same with an IIS 5 or 6, I received an HTTP/1.1 reply.  Both of these are
acceptable, but the Apache/SunONE response is technically "more correct",
as it avoids client interpretation problems.

I've used this quite often to identify a web server when the Server:
header has been obfuscated.  Used together with other items specific to
certain server types (encoding, default settings such as keepalive), this
is quite reliable.

Cheers,
Maarten

--
Maarten Van Horenbeeck, GCIA <maarten () daemon be>
http://www.daemon.be/maarten

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
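
The version check described in the message above, as an added example that is not part of the original post: it classifies a captured request/response pair by whether the reply is a bare HTTP/0.9 body or carries a status line, which is how an administrator can see what a server they run reveals when the Server: header is hidden. The function names and the sample captures are constructed for illustration.

```python
import re

# Status line of a versioned reply: "HTTP/<major>.<minor> <3-digit status>".
STATUS_LINE = re.compile(rb"^HTTP/(\d+)\.(\d+) \d{3}(?: |$)")
# Version token at the end of a request line; HTTP/0.9 requests have none.
REQUEST_VERSION = re.compile(rb" HTTP/(\d+)\.(\d+)$")


def first_line(raw: bytes) -> bytes:
    return raw.split(b"\n", 1)[0].rstrip(b"\r")


def request_version(raw: bytes):
    m = REQUEST_VERSION.search(first_line(raw))
    return (int(m.group(1)), int(m.group(2))) if m else (0, 9)


def response_version(raw: bytes):
    """(major, minor) from the status line; (0, 9) for a bare body with no
    status line or headers; None when nothing came back."""
    if not raw.strip():
        return None
    m = STATUS_LINE.match(first_line(raw))
    return (int(m.group(1)), int(m.group(2))) if m else (0, 9)


def classify(request: bytes, response: bytes) -> str:
    req, resp = request_version(request), response_version(response)
    if resp is None:
        return "no-response"
    if resp == req:
        return "same-version"      # e.g. 0.9 request answered with a bare body
    return "same-major" if resp[0] == req[0] else "different-major"


# Constructed sample captures (not taken from any real server).
REQ_09 = b"GET /\r\n"
REQ_10 = b"GET / HTTP/1.0\r\n\r\n"
BARE_BODY = b"<html><body>index</body></html>\n"
VERSIONED = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>\n"

if __name__ == "__main__":
    for req, resp in [(REQ_09, BARE_BODY), (REQ_09, VERSIONED), (REQ_10, VERSIONED)]:
        print(first_line(req), "->", response_version(resp), classify(req, resp))
```
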

