On 02.05.2007 12:21:15, Benjamin Schieder wrote: > On 02.05.2007 12:00:33, Fabian Keil wrote: > > Benjamin Schieder <[EMAIL PROTECTED]> wrote: > > > > > On 02.05.2007 10:46:28, Fabian Keil wrote: > > > > "Mr. Blue" <[EMAIL PROTECTED]> wrote: > > > > > > > > > When I go to: > > > > > http://www.whatismyipaddress.com.tamaribuchi.exit/ > > > > > I get expected response AND IP. > > > > > But when I go to majority sites in form like: > > > > > http://www.domain.net.tamaribuchi.exit/ > > > > > I get: > > > > > Index of / > > > > > > > > Web servers that are responsible for more than one > > > > domain rely on the HTTP "Host" header to decide which > > > > content you're interested in. > > > > > > > > If you use Tor's exit node notation in the URL, > > > > the browser will also append it to the Host header. > > > > > > > > ... > > > > > > > > The latter can be done automatically with Privoxy's > > > > hide-tor-exit-notation filter, you can also do it > > > > manually with Firefox extensions like "Tamper data". > > > > > > The privoxy rule by itself won't work in most cases. At least my > > > installation of firefox does use this: > > > > > > GET http://www.example.com.node.exit/path/to/somewhere HTTP/1.1 > > > Host: www.example.com.node.exit > > > X-SomeHeaders: value > > > > > > The Host: will be modified, but not the GET. This is still futile since > > > I encountered many a webserver ignoring the Host: header with the query > > > as above. > > > > Please name at least one example of a web server that > > expects or relies on the host being part of the request line. > > Full disclosure: this is my own webserver. > > [EMAIL PROTECTED]:/etc/privoxy# tail user.action > # default policy to have a 'blank' image as opposed to the checkerboard > # pattern for ALL sites. '/' of course matches all URLs. > # patterns: > # > { +set-image-blocker{blank} } > #/ > > ## set vi:nowrap tw=72 > { +filter{hide-tor-exit-notation} } > / > > [EMAIL PROTECTED]:/etc/privoxy# telnet localhost 8118 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > GET http://blog.crash-override.net.zwiebelsuppe.exit/ HTTP/1.1 > Host: blog.crash-override.net.zwiebelsuppe.exit > > HTTP/1.1 403 Forbidden > Date: Wed, 02 May 2007 10:19:33 GMT > Server: Apache > Content-Length: 343 > Content-Type: text/html; charset=iso-8859-1 > Connection: close > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>403 Forbidden</title> > </head><body> > <h1>Forbidden</h1> > <p>You don't have permission to access / > on this server.</p> > <hr> > <address>Apache Server at <a href="mailto:[EMAIL > PROTECTED]">blog.crash-override.net.zwiebelsuppe.exit</a> Port 80</address> > </body></html> > Connection closed by foreign host. >
Sorry to reply to myself, but the same is true for http://www.spiegel.de.zwiebelsuppe.exit/ Greetings, Benjamin -- ____ _ _ ____ _ _ _ _____ __ __ / ___|| | / \ / ___|| | | ( ) ____| \/ | \___ \| | / _ \ \___ \| |_| |/| _| | |\/| | ___) | |___ / ___ \ ___) | _ | | |___| | | | |____/|_____/_/ \_\____/|_| |_| |_____|_| |_| play online: telnet://slashem.crash-override.net view scores: http://slashem.crash-override.net watch deaths: irc://irc.freenode.net#slashem
pgpjEmGGkPII2.pgp
Description: PGP signature
