Penetration Testing mailing list archives

Re: HTTP request working via hostname but not via IP address

From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Sun, 07 May 2006 20:14:41 -0700

Most likely a host-header has been specified at the server- thus, the server
will only process requests with that specific host name, not the IP.  I do
this with all my configs-- IP based attacks/worms won't even be processed
this way (think Code Red).

t


On 5/5/06 7:47 AM, "Arjun Venkatraman" <arjunishere () gmail com> spoketh to
all:

 Hi all,

 I have a pretty basic sort of problem. While sending an HTTP request
to a machine using a VBScript, when I mention the hostname in the URL,
the request goes through smoothly. However, when I mention the IP
address explicitly, the request does not go through. I have confirmed
he IP address multiple times to make sure the error is not a typo.

If the machine name had not been accessible, I would have concluded
that the DNS query was the problem. But with the hostname working and
the IP not working I am stumped.

Any ideas?

Cheers

Arjun

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------




------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------

Current thread:

Re: HTTP request working via hostname but not via IP address Arjun Venkatraman (May 07)
- Re: HTTP request working via hostname but not via IP address Javier Liendo (May 07)
  - Re: HTTP request working via hostname but not via IP address Arjun Venkatraman (May 08)
    - Re: HTTP request working via hostname but not via IP address Ron Nelson (May 08)
    - Re: HTTP request working via hostname but not via IP address Arjun Venkatraman (May 09)
    - RE: HTTP request working via hostname but not via IP address Admin.mmm (May 08)
    - RE: HTTP request working via hostname but not via IP address Omar A. Herrera (May 08)
    - RE: HTTP request working via hostname but not via IP address Marvin Simkin (May 08)
- Re: HTTP request working via hostname but not via IP address Thor (Hammer of God) (May 07)
- <Possible follow-ups>
- RE: HTTP request working via hostname but not via IP address Hiten Pankhania (May 08)