Thanks Graeme for this very helpful reply. Thanks also to Harald Kapper in Austria who pointed out that the GET and HTTP parts are case-sensitive which I didn't know.
Eddie Bishop ----- Original Message ----- From: Graeme Fowler <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 18, 2001 3:33 PM Subject: RE: [cobalt-security] Possibly OT - Telnet and HTTP > Edward Bishop wrote: > > > The HTTP tutorials etc on the web all suggest that you telnet to a web > > server to experiment with HTTP requests and responses, eg > > telnet www.some-server.com 80 > > and then send > > get /path/index.htm http/1.1 > > > > but I can't get anything except 500, 501 and 502 errors. Has > > anyone ever made this work? > > Erm, yes. Rather frequently! > > > Does it fail because everyone has disabled Telnet access for > > security reasons? If so, how does the HTTP server tell the difference > > between a browser and a Telnet client connecting to port 80? > > Disabling telnet as a *service* prevents you from connecting to the telnet > server on port 23. You're using a telnet *client* to connect to port 80, > hence the ' 80' after the IP address. > > You get the errors because you're asking for a HTTP/1.1 request and not > specifying a hostname. Either do: > > telnet www.some-server.com 80 > <wait for connected banner> > GET /path/file.html HTTP/1.1 > Host: www.some-server.com > > and hit return twice. Or: > > telnet www.some-server.com 80 > <wait for connected banner> > GET /path/file.html HTTP/1.0 > > and hit return twice. HTTP/1.1 was the extension to the HTTP protocol which > allows name-based, rather than IP-based, virtual hosting. It means you can > have several virtual sites handled by the same server application on the > same IP address, and is the way that pretty much all commercial hosting is > done. > > Don't get confused between telnet as a *server* and telnet as a client. When > you use the telnet client to connect to port 80 of a webserver and feed it > the correctly formatted query, the server doesn't know if you're a browser > application or not. It just does as it's asked! > > HTH > > Graeme > -- > Graeme Fowler > System Administrator > Host Europe Group PLC > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
