Home page logo
/

nanog logo nanog mailing list archives

Re: Pattern matching odd HTTP request
From: "Dominic J. Eidson" <sauron () the-infinite org>
Date: Thu, 20 Sep 2001 13:18:22 -0500 (CDT)


On Thu, 20 Sep 2001, Karsten W. Rohrbach wrote:

[snip]

1 client connects to server
2 when socket is connected, client send http headers (accept/host/...)
3 client issues a request (see rfc2616 for that) like GET / HTTP/1.1
  followed by two carriage returns

I hate to be pendantic, but the following is the order of HTTP headers:

nedominic () is:~ > netcat -l -p 5000
GET / HTTP/1.0
Connection: Keep-Alive
User-Agent: Mozilla/4.74 [en] (X11; U; Linux 2.2.16 i686)
Host: is:5000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*
Accept-Encoding: gzip
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

dominic () is:~ > 

In other words, your step 2 and 3 should be in the opposite order.

4 server starts processing the request (filtering headers and uri
  information through the stack of configured modules)

i hope this shed a little light on the issue.

Ditto.


-- 
Dominic J. Eidson
                                        "Baruk Khazad! Khazad ai-menu!" - Gimli
-------------------------------------------------------------------------------
http://www.the-infinite.org/              http://www.the-infinite.org/~dominic/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault