Re: reverse proxy identification

From: AdamT (adwulf@gmail.com)
Date: Mon Jan 15 2007 - 13:24:34 EST

• Next message: Lee Lawson: "Re: Mile2 Training (Certifications)"
• Previous message: Renee Peters: "RE: Mile2 Training (Certifications)"
• In reply to: sami ghourabi: "reverse proxy identification"
• Next in thread: R. DuFresne: "Re: reverse proxy identification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On 12/01/07, sami ghourabi <sami.ghourabi@icn.com.tn> wrote:

> When I browse to the IPs with firefox, I recieve several messages "No
> web site is configured at this address." for some IP.
> Does anybody here know if this message is specific to a given reverse
> proxy/web server product ?

IIS 4, 5 or 6. The server is being used to host several virtual web
servers, and the page returned depends on the host: header sent by the
browser.

If you send something like:

GET / HTTP/1.0
host: www.example.com

and www.example.com is one of the virtual servers configured, you'll
get the web page sent back to you.

If you don't send a host: header, or the host specified isn't on that
server, you'll get the "no web site is configured at this address".

Host: headers are usually worked out by the browser, based on the DNS
name specified in the URL. Easiest thing to do to change the host
header sent by firefox will be to add entries to your /etc/hosts file
(or %WINDIR%\System32\drivers\etc\hosts if you prefer) - and then use
that hostname in the URL you're surfing to.

See: http://support.microsoft.com/kb/300238 for more info.

Unfortunately, I'm not aware of an easy way of enumerating which
virtual hosts are configured on the server. If possible, try getting
a zone transfer from one of their DNS servers to see which A and CNAME
records are configured to point at that IP address. Otherwise, you're
stuck with trickier methods, like sniffing traffic to see which host
headers are in use, or trying to get the info from some of the end
users.
Maybe do a search for web pages and usenet postings containing
'example.com', and seeing what comes up.

-- 
AdamT
"A casual stroll through the lunatic asylum shows that faith does not
prove anything." - Nietzsche
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Lee Lawson: "Re: Mile2 Training (Certifications)"
• Previous message: Renee Peters: "RE: Mile2 Training (Certifications)"
• In reply to: sami ghourabi: "reverse proxy identification"
• Next in thread: R. DuFresne: "Re: reverse proxy identification"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:31 EDT