Edward Bishop wrote: > The HTTP tutorials etc on the web all suggest that you telnet to a web > server to experiment with HTTP requests and responses, eg > telnet www.some-server.com 80 > and then send > get /path/index.htm http/1.1 > > but I can't get anything except 500, 501 and 502 errors. Has > anyone ever made this work?
Erm, yes. Rather frequently! > Does it fail because everyone has disabled Telnet access for > security reasons? If so, how does the HTTP server tell the difference > between a browser and a Telnet client connecting to port 80? Disabling telnet as a *service* prevents you from connecting to the telnet server on port 23. You're using a telnet *client* to connect to port 80, hence the ' 80' after the IP address. You get the errors because you're asking for a HTTP/1.1 request and not specifying a hostname. Either do: telnet www.some-server.com 80 <wait for connected banner> GET /path/file.html HTTP/1.1 Host: www.some-server.com and hit return twice. Or: telnet www.some-server.com 80 <wait for connected banner> GET /path/file.html HTTP/1.0 and hit return twice. HTTP/1.1 was the extension to the HTTP protocol which allows name-based, rather than IP-based, virtual hosting. It means you can have several virtual sites handled by the same server application on the same IP address, and is the way that pretty much all commercial hosting is done. Don't get confused between telnet as a *server* and telnet as a client. When you use the telnet client to connect to port 80 of a webserver and feed it the correctly formatted query, the server doesn't know if you're a browser application or not. It just does as it's asked! HTH Graeme -- Graeme Fowler System Administrator Host Europe Group PLC _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
