[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    Re: Virtual Hosts
From:       Dan Caescu <dan_c () PELLIN ! RO>
Date:       2001-05-05 16:28:07
[Download RAW message or body]

yeah , but usually these sites are registered by other users who will all
host them on an single server. so i think the solution is not entirely
useful . :)
they could have different soa for each site hosted (as for each client they
have).
if they offer a complete solution they would have to register the domains by
themselves (the isp would have to do that) so i think in this case would be
the same soa.

anyway, it's a good ideea :))

Dan Caescu


----- Original Message -----
From: "Carric Dooley" <carric@COM2USA.COM>
To: <WWW-MOBILE-CODE@SECURITYFOCUS.COM>
Sent: Wednesday, May 02, 2001 9:05 PM
Subject: Re: Virtual Hosts


> This might be one approach:
>
> Assuming the SOA for one www site on a server would most likely be the SOA
> for all the other www sites, you could use whois and networkslolutions to
> find out which domains those DNS servers were authoritative for. All the
> sites that resolve to that one IP would have to be virtual hosts (the snag
> would be if they are using a different IP for each site, then it's harder
> to find out, unless you can somehow get at the routers arp cache to
> compare the mac addresses.. could use snmp if you know the community
> string).
>
> Maybe with more consideration I can think of something a little less
> hoakey..  =)
>
> Carric Dooley
> Senior Consultant
> COM2:Interactive Media
>
> "But this one goes to eleven."
> -- Nigel Tufnel
>
>
> On Tue, 1 May 2001, Dan Caescu wrote:
>
> > you can't :)
> > the virtual hosts from httpd.conf are not viewable for www . so there is
> > really no way to tell which sites are being hosted by the same web
server.
> > you could do the other way : given a number of sites , you could tell
how
> > many are hosted by the same server (nslookup each one and see which
adress
> > matches).
> >
> > dan
> > -----Original Message-----
> > From: Voodoo Child <auto125268@HUSHMAIL.COM>
> > To: WWW-MOBILE-CODE@SECURITYFOCUS.COM
<WWW-MOBILE-CODE@SECURITYFOCUS.COM>
> > Date: Tuesday, May 01, 2001 7:42 AM
> > Subject: Virtual Hosts
> >
> >
> > >I know from HTTP 1.1 onwards clients should send the host they think
they
> > >are communicating with so as to not get confused with web server that
are
> > >virtual hosting, but how can I tell what other sites are being hosted
by
> > >that web server ?
> > >Free, encrypted, secure Web-based email at www.hushmail.com
> >

[prev in list] [next in list] [prev in thread] [next in thread]