cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Host header question

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 8 Jan 2009 08:47:58 +0100 (CET)

On Wed, 7 Jan 2009, Frank BASKER wrote:

> I am not trying to trick the server

Yes you are. www.att.com and att.com are two different servers. Or at least
I'd say that the chances are very likely that they are as they have quite
different IP addresses www.att.com has one and att.com has two and they (the
addresses) are owned by different organizations.

Thus you're sending a "Host: att.com" header to the www.att.com server even
thought that doesn't serve the 'att.com' site!

I'd say that counts as "ticking the server".

> Just got these parameters from Webkit after trying to reload a page that got
> redirected (CURLOPT_FOLLOW_LOCATION=0)
>
> 1. Load att.com
> url=att.com and host header=att.com
> 2. att.com gets redirected to www.att.com
> url=www.att.com and host header=www.att.com
>
> 3. Reload
> url=www.att.com and host header=att.com
> This fails with curl 7.19.2

It reloads www.att.com with the Host: header set to att.com?

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2009-01-08