On Mon, 29 Dec 2003, Jon Copeland wrote: > Does anyone know if it's possible to see how many Virtual Hosts an IP > address is serving? > Eg, Lets say my externally accessible IP address was 68.144.x.x :-) and > I were hosting www.x1.ca , www.x2.ca and www.x3.ca using Apache's > Virtual Hosts thing. Would it be possible for someone on the internet > to determine what websites I'm running based on my IP address?
Theoretically, it could be brute-forced. In practice, probably not unless you're letting that info out somehow. The HTTP protocol provides no way to enumerate virtual hosts except brute force. That said, if you have some sort of status scheme enabled that shows that info, or your httpd.conf is visible, or you have all your sites in folders like /webroot/site1, /webroot/site2, and serve up an index of /webroot in some circumstance, then all bets are off. :) -- William Astle finger [EMAIL PROTECTED] for further information Geek Code V3.12: GCS/M/S d- s+:+ !a C++ UL++++$ P++ L+++ !E W++ !N w--- !O !M PS PE V-- Y+ PGP t+@ 5++ X !R tv+@ b+++@ !DI D? G e++ h+ y? _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca
