Hello folks,

Does anyone know what load balancer has this behavior? Apparently requesting over HTTP 1.0 without a trailing slash reveals the internal IP addresses of the web servers.

<HTTP 1.0 without trailing slash>

--> HEAD /docs HTTP/1.0

HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Jan 2008 09:59:57 GMT
Server: Apache
Location: http://192.168.1.2/docs/
Connection: close
Content-Type: text/html; charset=iso-8859-1

--> HEAD /docs HTTP/1.0

HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Jan 2008 09:59:57 GMT
Server: Apache
Location: http://192.168.1.4/docs/
Connection: close
Content-Type: text/html; charset=iso-8859-1

--> HEAD /docs HTTP/1.0

HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Jan 2008 09:59:57 GMT
Server: Apache
Location: http://192.168.1.3/docs/
Connection: close
Content-Type: text/html; charset=iso-8859-1

<HTTP 1.0 with trailing slash>

--> HEAD /docs/ HTTP/1.0

HTTP/1.1 200 OK
Date: Tue, 15 Jan 2008 10:00:14 GMT
Server: Apache
Connection: close
Content-Type: text/html

<HTTP 1.1 without trailing slash>

--> HEAD /docs HTTP/1.1
--> HOST: example.com

HTTP/1.1 301 Moved Permanently
Date: Tue, 15 Jan 2008 10:00:43 GMT
Server: Apache
Location: http://example.com/docs/
Connection: close
Content-Type: text/html; charset=iso-8859-1

<HTTP 1.1 with trailing slash>

--> HEAD /docs/ HTTP/1.1
--> HOST: example.com

HTTP/1.1 200 OK
Date: Tue, 15 Jan 2008 10:01:00 GMT
Server: Apache
Connection: close
Content-Type: text/html

Ed <blogdoteonsecdotcom>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
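
Added example, not part of the original post: a Python check a defender could run over captured response heads to flag redirects whose Location header carries a non-public IP literal, as in the HTTP/1.0 responses quoted above. The sample responses are constructed from the headers in the post, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples modelled on the responses quoted in the post.
SAMPLES = {
    "HTTP/1.0, no trailing slash": (
        "HTTP/1.1 301 Moved Permanently\r\n"
        "Server: Apache\r\n"
        "Location: http://192.168.1.2/docs/\r\n"
        "Connection: close\r\n\r\n"
    ),
    "HTTP/1.1 with Host, no trailing slash": (
        "HTTP/1.1 301 Moved Permanently\r\n"
        "Server: Apache\r\n"
        "Location: http://example.com/docs/\r\n"
        "Connection: close\r\n\r\n"
    ),
    "HTTP/1.0, trailing slash": "HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n\r\n",
}

def parse_headers(raw):
    """Return (status_code, {lowercased header name: value}) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def leaked_internal_ip(raw):
    """Return the non-public IP literal in a redirect's Location header, or None."""
    status, headers = parse_headers(raw)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return None
    host = urlsplit(headers["location"]).hostname
    try:
        addr = ipaddress.ip_address(host or "")
    except ValueError:
        return None  # hostname or relative URL: no address literal to leak
    return str(addr) if (addr.is_private or addr.is_loopback or addr.is_link_local) else None

def audit(samples):
    """Map each sample label to the leaked address (or None)."""
    return {label: leaked_internal_ip(raw) for label, raw in samples.items()}

if __name__ == "__main__":
    for label, ip in audit(SAMPLES).items():
        print(f"{label}: {'LEAK ' + ip if ip else 'ok'}")
```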