Re: HTTP/2.0 Magic

Oh, and of the 3589 attempts to get a Server header, fully 1099 got some sort of HTTP (or lower layer) error; haven't dug into that yet, though.

I did, however, see some SMTP servers listening on port 80 in earlier testing...

Cheers,


On 21/02/2013, at 6:35 PM, Mark Nottingham <mnot@mnot.net> wrote:

> 
> On 21/02/2013, at 6:29 PM, Willy Tarreau <w@1wt.eu> wrote:
> 
>> On Thu, Feb 21, 2013 at 06:21:02PM +1100, Mark Nottingham wrote:
>>> 
>>> On 21/02/2013, at 6:06 PM, Willy Tarreau <w@1wt.eu> wrote:
>>> 
>>>> That's a great test, thanks for reporting this !
>>>> I think that some experiments may be pursued using :
>>>> - valid, known methods and versions (eg: POST * HTTP/1.1)
>>>> - Connection header
>>>> 
>>>> I suspect that POST will be blocked on a large number of minimal web
>>>> servers (the least compliant ones), add to that "*" which will most
>>>> often not be accepted, and HTTP/1.1 without a Host header field might
>>>> help getting a quick fail. At this point, I don't know if a Connection
>>>> header could help or not (typically Upgrade).
>>> 
>>> Hm. POST has a body, so some might try to buffer it, hanging. Anyway, that's a theory; let's look at the numbers:
>>> 
>>> POST * HTTP/1.1\r\n\r\n
>>> 27607 CLOSE
>>>   232 CONN_ERR
>>>  7309 TIMEOUT
>>> 
>>> Yep, not as good. 
>> 
>> Indeedr, thanks!
>> 
>> Do you know if the ones which timeout in your tests respond to
>> anything ? And if so, maybe we'll find some patterns (eg: just
>> a few very specific implementations) that are worth studying ?
>> 
>> It's also possible that those are blocked by IDS/IPS in front
>> of them simply dropping packets, at which point trying completely
>> valid requests might help.
> 
> 
> Here's the top 50 Server strings from the 3589 TIMEOUTs from the best one so far (the tail is *long*):
> 
>    587 Microsoft-IIS/6.0
>    386 Apache
>    379 -
>    280 Microsoft-IIS/7.5
>     56 Microsoft-HTTPAPI/2.0
>     49 Microsoft-IIS/7.0
>     46 Apache-Coyote/1.1
>     44 Apache/2.2.3 (Red Hat)
>     37 Apache/2.2.3 (CentOS)
>     26 IBM_HTTP_Server
>     19 Microsoft-IIS/5.0
>     18 nginx
>     17 BigIP
>     16 Apache/2.2.16 (Debian)
>     15 Apache/2.2.14 (Ubuntu)
>     12 Sun-ONE-Web-Server/6.1
>     12 Apache/2.0.52 (Red Hat)
>     10 Mbedthis-Appweb/2.4.2
>     10 LiteSpeed
>      9 Lotus-Domino
>      8 Netscape-Enterprise/6.0
>      8 Apache/2.2.15 (Red Hat)
>      8 Apache/1.3.31
>      7 FlashCom/3.5.7
>      7 Apache/2
>      7 
>      6 squid/3.0.STABLE20
>      6 Servidor-Web
>      6 Oracle-iPlanet-Web-Server/7.0
>      6 nginx/0.7.67
>      6 Microsoft-IIS/6.0, 2
>      6 Apache/2.2.22 (Ubuntu)
>      5 Netscape-Enterprise/4.1
>      5 FileMakerPro/6.0v4 WebCompanion/6.0v3
>      5 FileMakerPro/6.0v4 WebCompanion/6.0v1
>      5 Apache/2.2.3 (Linux/SUSE)
>      5 Apache/2.2.15 (CentOS)
>      5 Apache/2.2.10 (Linux/SUSE)
>      4 Zeus/4.3
>      4 nginx/1.2.4
>      4 Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 Resin/3.1.6
>      4 Apache/2.2.0 (Fedora)
>      3 Zope/(Zope 2.10.13-final, python 2.4.6, linux2) ZServer/1.1 Plone/3.3.6
>      3 none
>      3 Apache/2.4.3 (Unix)
>      3 Apache/2.2.3 (Unix) mod_jk/1.2.19 mod_ssl/2.2.3 OpenSSL/0.9.8d
>      3 Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8a DAV/2 PHP/5.3.2
>      3 Apache/2.2.20 (Ubuntu)
>      3 Apache/2.2.17 (Fedora)
>      3 Apache/2.2.12 (Linux/SUSE)
> 
> 
> --
> Mark Nottingham   http://www.mnot.net/
> 
> 
> 
> 

--
Mark Nottingham   http://www.mnot.net/

Received on Thursday, 21 February 2013 07:37:57 UTC