cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Host header question

From: Frank BASKER <dearbasker_at_yahoo.com>
Date: Thu, 8 Jan 2009 07:09:17 -0800 (PST)

> It reloads www.att.com with the Host: header set to att.com?

Yes. That's what I get from Webkit.
I didn't notice this problem until I upgraded to 7.19.2

________________________________
From: Daniel Stenberg <daniel_at_haxx.se>
To: the curl tool <curl-users_at_cool.haxx.se>
Sent: Thursday, January 8, 2009 12:47:58 AM
Subject: Re: Host header question

On Wed, 7 Jan 2009, Frank BASKER wrote:

> I am not trying to trick the server

Yes you are. www.att.com and att.com are two different servers. Or at least I'd say that the chances are very likely that they are as they have quite different IP addresses www.att.com has one and att.com has two and they (the addresses) are owned by different organizations.

Thus you're sending a "Host: att.com" header to the www.att.com server even thought that doesn't serve the 'att.com' site!

I'd say that counts as "ticking the server".

> Just got these parameters from Webkit after trying to reload a page that got redirected (CURLOPT_FOLLOW_LOCATION=0)
>
> 1. Load att.com
> url=att.com and host header=att.com
> 2. att.com gets redirected to www.att.com
> url=www.att.com and host header=www.att.com
>
> 3. Reload
> url=www.att.com and host header=att.com
> This fails with curl 7.19.2

It reloads www.att.com with the Host: header set to att.com?

-- 
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
      

-------------------------------------------------------------------
List admin: http://cool.haxx.se/cgi-bin/mailman/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2009-01-08