| How do I disable HTTP HOST being sent?
|
Karma
msg:3859231 | 3:59 pm on Feb 27, 2009 (gmt 0) |
Hey all :) I need to try and replicate an error on a site, but I'm not sure how to do it. When "HTTP_HOST" is not set (which comes from the browser IIRC) the site errors. How can I test this? I need to disable this HTTP_HOST value being sent but can't see where I can do this in IE/Firefox etc.
|
physics
msg:3859237 | 4:11 pm on Feb 27, 2009 (gmt 0) |
Hi Karma. This post may be helpful to you:
HTTP_HOST vs SERVER_NAME [webmasterworld.com]
|
Karma
msg:3859411 | 7:22 pm on Feb 27, 2009 (gmt 0) |
Thanks physics, didn't really help though. I'm trying to find a way of stopping the HTTP_HOST being sent by the browser. I'm slightly suspicious that someone/something is sending these requests at my server with malicious intent (either way, I need to amend the code to cope with it being empty).
|
pinterface
msg:3859472 | 8:55 pm on Feb 27, 2009 (gmt 0) |
You can make FF/IE not send the HTTP Host: header by using the IP address of your website. Other options are to use either a program meant to do that sort of thing (e.g., a perl script), or do it manually. For the manual process, do something like fire up Hyperterminal, connect to your-site.example.com, port 80, turn on local echo (so you can see what you're doing), and type in the HTTP request. e.g.,
GET / HTTP/1.0<return>
<return>
or
GET /your/page.html HTTP/1.0<return>
Host: happy.days.are.here.again<return>
<return>
You'll then get to see the entire response from your webserver, headers and all.
|
phranque
msg:3859479 | 9:10 pm on Feb 27, 2009 (gmt 0) |
you can filter http request headers with the Modify Headers 0.6.1 [modifyheaders.mozdev.org] add-on for firefox.
|
|
|
