|
WebApp Sec
mailing list archives
http://www.domainname.com./ (with the ending)
From: "Scovetta, Michael V" <Michael.Scovetta () ca com>
Date: Wed, 13 Apr 2005 10:52:31 -0400
All--
I don't think this is anything to be concerned about, but I find it odd that some websites (looks like IIS-sites), if
you go to http://server./ (with a period appended), you usually get a "no web site configured", or "under
construction". I guess the browser ignores the last . and finds the name in DNS, but then puts the . in the Host
header. It looks like Apache ignores the . in the host header, so you go wind up seeing http://server/'s content even
though the URL says http://server./
For instance:
http://www.google.com./ Normal Google page
http://www.easyasphosting.com./ 400 - bad request
http://www.iviewstudio.com./ 404 - File Not Found (or "No web site is configured at this address")
I'd assume that if you have multiple hosts configured, then the . throws it off.
It also looks like Firefox and IE both handle it the same way.
Sorry if this is a re-post-- I've never heard of this before, it just struck me as odd, and thought I should throw it
out there.
Regards,
Michael Scovetta
Computer Associates
Senior Application Developer
 By Date 
By Thread
Current thread:
- http://www.domainname.com./ (with the ending) Scovetta, Michael V (Apr 13)
|
Intro
