hi there: When I use IE 6 web browser, Apache 1.3 accept this kind of request but Apache 2.0 doesn't. When I use IE 7 web browser, Apache 2.0 also accept this kind of request.
2006/3/15, gboyce <[EMAIL PROTECTED]>: > On Tue, 14 Mar 2006, Chris Umphress wrote: > > > On 3/14/06, gboyce <[EMAIL PROTECTED]> wrote: > >> I tried this trick against my personal Apache 2 webserver, and got a 400 > >> bad request as well. The apache log is showing "Client sent malformed > >> Host header". > >> > >> It looks like Apache is getting the decimal host header, and doesn't > >> understand what to do with it. Oddly, the host mentioned in the initial > >> e-mail is also Apache, but it's Apache 1.3. > >> > >> Is your Apache on windows server 1.x or 2.x? > > > > > > I'll jump in and say that mine works works this way (If you want to > > verify, it is http://1136002182/). > > > > I am using Apache 1.3 and have several virtual hosts set up. Since > > Apache returns the first virtual host if it doesn't match the names of > > any of the other virtual hosts. That could be the determining factor > > for why some work and others don't. > > I have virtual hosts setup as well, and this behavior doesn't work for me. > > I tested a few different servers, and what I've found is that Apache 1.3 > accepts hosts defined in this manner. Apache 2.0 fails with a 400 error. > > Greg > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Homepage:http://www.lwang.org We collect spam for research at: mailto:[EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
