[Gllug] Dishonouring Redirects

Steve Nelson sanelson at gmail.com
Mon May 23 15:26:05 UTC 2005


Hello Chums,

How would you go about forbidding a request which came from a redirect?

I have a nice case of a cyber-squatter with a redirect running...

sanelson at paddy:~$ wget www.groupedanone.com
--16:17:19--  http://www.groupedanone.com/
           => `index.html'
Resolving www.groupedanone.com... 210.51.187.84
Connecting to www.groupedanone.com[210.51.187.84]:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.nestle.com [following]
--16:17:21--  http://www.nestle.com/
           => `index.html'
Resolving www.nestle.com... 164.109.84.143
Connecting to www.nestle.com[164.109.84.143]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17,574 [text/html]

100%[====================================>] 17,574        65.25K/s

16:17:22 (65.17 KB/s) - `index.html' saved [17574/17574]

Here's the packet capture:

0000  00 0d 56 e1 d8 47 00 30  7b 94 eb e4 08 00 45 00   ..V..G.0 {.....E.
0010  01 2d 2e 1d 40 00 2d 06  c3 4f d2 33 bb 54 a6 2c   .-..@.-. .O.3.T.,
0020  27 aa 00 50 05 42 6b 47  21 9c e2 fa 19 fb 50 18   '..P.BkG !.....P.
0030  19 20 5d d6 00 00 48 54  54 50 2f 31 2e 31 20 33   . ]...HT TP/1.1 3
0040  30 31 20 4d 6f 76 65 64  20 50 65 72 6d 61 6e 65   01 Moved  Permane
0050  6e 74 6c 79 0d 0a 44 61  74 65 3a 20 4d 6f 6e 2c   ntly..Da te: Mon,
0060  20 32 33 20 4d 61 79 20  32 30 30 35 20 31 34 3a    23 May  2005 14:
0070  33 30 3a 35 38 20 47 4d  54 0d 0a 53 65 72 76 65   30:58 GM T..Serve
0080  72 3a 20 41 70 61 63 68  65 2f 31 2e 33 2e 33 31   r: Apach e/1.3.31
0090  20 28 55 6e 69 78 29 20  6d 6f 64 5f 66 6f 72 77    (Unix)  mod_forw
00a0  61 72 64 5f 30 5f 33 0d  0a 4c 6f 63 61 74 69 6f   ard_0_3. .Locatio
00b0  6e 3a 20 68 74 74 70 3a  2f 2f 77 77 77 2e 6e 65   n: http: //www.ne
00c0  73 74 6c 65 2e 63 6f 6d  0d 0a 43 6f 6e 6e 65 63   stle.com ..Connec
00d0  74 69 6f 6e 3a 20 63 6c  6f 73 65 0d 0a 54 72 61   tion: cl ose..Tra
00e0  6e 73 66 65 72 2d 45 6e  63 6f 64 69 6e 67 3a 20   nsfer-En coding:

The client wants to honour 'normal' http requests from the
210.52.187.84 address, but not allow the redirects.

I can't do this at the firewall - as the information is at too high a
level (presentation/session/application)

I'm guessing there must be some way of inspecting the http packets,
and rejecting those with a 301 inside?

What say you?

S.
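
Added example, not part of the original post: Python that decodes a captured Ethernet/IPv4/TCP frame like the one above and reports the sending server, the status code and the Location of any 3xx response. The function names, the fixed-column hexdump layout and the sample frame (documentation addresses, example.com) are assumptions constructed for illustration.

```python
import re

def from_hexdump(text):
    """Rebuild bytes from 'oooo  <16 hex bytes>   ascii' lines (layout assumed)."""
    out = bytearray()
    for line in text.splitlines():
        if re.match(r"[0-9a-fA-F]{4}  ", line):
            out += bytes.fromhex(line[6:54])  # fixed-width hex columns only
    return bytes(out)

def http_response(frame):
    """Return (source_ip, status, headers) for an HTTP response frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # EtherType is not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                             # IP header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:        # protocol 6 = TCP
        return None
    tcp = ip[ihl:]
    payload = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""
    if not payload.startswith(b"HTTP/"):
        return None
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[1].isdigit():
        return None
    headers = {}
    for line in lines[1:]:              # a truncated capture may end mid-header
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return ".".join(map(str, ip[12:16])), int(status[1]), headers

def redirect_target(frame):
    """Return (source_ip, status, location) for a 3xx response, else None."""
    resp = http_response(frame)
    if resp and 300 <= resp[1] < 400 and "location" in resp[2]:
        return resp[0], resp[1], resp[2]["location"]
    return None

# Constructed sample frame, cut off mid-header the way a short capture would be.
SAMPLE = (bytes(12) + b"\x08\x00"                                   # Ethernet
          + b"\x45" + bytes(8) + b"\x06" + bytes(2)                 # IPv4, TCP
          + bytes([192, 0, 2, 10, 198, 51, 100, 20])                # src, dst
          + b"\x00\x50\x05\x42" + bytes(8) + b"\x50\x18" + bytes(6) # TCP header
          + b"HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n"
            b"Location: http://www.example.com\r\nConnection: close\r\nTransfer-Enc")

print(redirect_target(SAMPLE))
```

A text dump in the layout shown in the post can be fed through `from_hexdump()` first and the result passed to `redirect_target()`.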