Posted almost 9 years ago. Visible to the public.

Make an HTTP request to a machine but fake the hostname

Consider you have a website vhost listening to www.example.com, redirecting all incoming requests that do not talk about the configured hostname (this is often used to redirect users to http://www.example.com when entering only http://example.com/).

If you want to make a request to that site's web server without actually talking to www.example.com (e.g. because this is a load balancer's address but you want to access one specific machine), you cannot just request machine1.example.com or localhost as the above vhost will redirect your request.

When talking HTTP 1.1, your client (browser) uses the HTTP header "Host" to tell the web server what host it's requesting for. This is what we want to change in order to properly "fake" the request. You can do it in different ways, here are two:

Using cURL

Since version 7.21.3 cURL allows specifying an IP address, thus forging the hostname for the request.

Copy
$ curl --resolve www.example.com:80:127.0.0.1 http://www.example.com/

The --resolve switch allows you to tell curl which address to request when it would resolve a given hostname. In the above snippet cURL uses 127.0.0.1 (localhost) instead of resolving www.example.com via DNS.

Telnet (aka classic mode)

You can use telnet to speak HTTP, e.g. if your cURL is below 7.21.3:

Copy
$ telnet 127.0.0.1 80 GET / HTTP/1.1 Host: www.example.com <Return> <Return>

Here you make an HTTP 1.1 request manually. The Host header tells the server that this request is for www.example.com. Terminate your request headers by 2 linebreaks.

Once an application no longer requires constant development, it needs periodic maintenance for stable and secure operation. makandra offers monthly maintenance contracts that let you focus on your business while we make sure the lights stay on.

Owner of this card:

Avatar
Arne Hartherz
Last edit:
over 5 years ago
by Arne Hartherz
Keywords:
apache, ServerName
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Arne Hartherz to makandra dev
This website uses short-lived cookies to improve usability.
Accept or learn more