RE: [cobalt-security] Possibly OT - Telnet and HTTP

[Graeme Fowler <graeme.fowler@xxxxxxxxxxxxxx>]

Edward Bishop wrote:

> The HTTP tutorials etc on the web all suggest that you telnet to a web
> server to experiment with HTTP requests and responses, eg
> telnet www.some-server.com 80
> and then send
> get /path/index.htm http/1.1
> 
> but I can't get anything except 500, 501 and 502 errors. Has 
> anyone ever made this work?

Erm, yes. Rather frequently!

> Does it fail because everyone has disabled Telnet access for
> security reasons? If so, how does the HTTP server tell the difference
> between a browser and a Telnet client connecting to port 80?

Disabling telnet as a *service* prevents you from connecting to the telnet
server on port 23. You're using a telnet *client* to connect to port 80,
hence the ' 80' after the IP address.

You get the errors because you're asking for a HTTP/1.1 request and not
specifying a hostname. Either do:

telnet www.some-server.com 80
<wait for connected banner>
GET /path/file.html HTTP/1.1
Host: www.some-server.com

and hit return twice. Or:

telnet www.some-server.com 80
<wait for connected banner>
GET /path/file.html HTTP/1.0

and hit return twice. HTTP/1.1 was the extension to the HTTP protocol which
allows name-based, rather than IP-based, virtual hosting. It means you can
have several virtual sites handled by the same server application on the
same IP address, and is the way that pretty much all commercial hosting is
done.

Don't get confused between telnet as a *server* and telnet as a client. When
you use the telnet client to connect to port 80 of a webserver and feed it
the correctly formatted query, the server doesn't know if you're a browser
application or not. It just does as it's asked!

HTH

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC