Re: Apache Vhosts and security
tylerl_at_localhost.localdomain
Date: 09/14/03
- Next message: tylerl_at_pickles.localdomain: "Re: Howto detect SYN scan?"
- Previous message: erik: "Re: Look what I've found"
- In reply to: doff: "Apache Vhosts and security"
- Next in thread: Brad Olin: "Re: Apache Vhosts and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 14 Sep 2003 06:07:31 GMT
In article <bjhftm$iri$1@s1.read.news.oleane.net>, doff wrote:
> Hi everyone,
>
> Do you know if it's possible to know if a web server is running with
> virtualhosts ?
> I mean, my apache server at home runs with multiple virtual hosts, and I'd
> like to know if someone could find which are these virtualhost names, and
> especialy how ?
>
> thanks
>
>
Yes and no.
You can send an HTTP 0.9 request to the server. If gives you the page you
expected, it's probably not running virtual hosts. If it sends you a 302
error, and redirects you to some page you've never seen before, then
it's most likely using virtual hosts. It's not foolproof, but it's what
you should expect. (HTTP/0.9 doesn't implement virtual hosts)
Another option is by comparing IP addresses. You can look up the IP for
a set of domain names. If the names all have the same IP, then you can
be sure they're using virtual hosts.
On the other hand, there's virtually no way to actually *list* the domains
that are virtual-hosted on a given server... assuming, of course, that the
server is secure.
-- Tyler Larson
- Next message: tylerl_at_pickles.localdomain: "Re: Howto detect SYN scan?"
- Previous message: erik: "Re: Look what I've found"
- In reply to: doff: "Apache Vhosts and security"
- Next in thread: Brad Olin: "Re: Apache Vhosts and security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
