logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 



Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



Looking for people with IIS and nginx on Win

 
Post new topic   Reply to topic    Apache Forum Index -> News & Hangout



View previous topic :: View next topic  
Author Message
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2101
Location: Sun Diego, USA

PostPosted: Wed 21 Jun '17 2:58    Post subject: Looking for people with IIS and nginx on Win Reply with quote

I would like to find out how IIS and nginx on Windows reacts to http://domain/con

On Windows "con" is reserved for some reason and you cannot create a directory named con or any file named con regardless of the extension or none at all. So on Windows this file/directory name cannot exist and therefor one would think we would get a 404 right?

Wrong, at least Apache on Windows it gives a 403. I'd like to know how the other web servers deal with it.

This only happens on Windows as *nix doesn't have this reserved word.
http://www.apache.org/con

The 403 is technically correct but can be used to see if there's an Apache on Windows answering (fingerprinting).

While I could set up an IIS and nginx on my own computers, I'd rather not have to just to test a single URL.

TIA

By the way I'm not making anything public that isn't already out in the wild.
https://bz.apache.org/bugzilla/show_bug.cgi?id=55887

3 and a half years now and I cannot understand how I've missed seeing this in all that time. While I don't venture into bugzilla as much as I should, I've looked through it many times since that was posted.
Back to top
yosoyminero



Joined: 16 Jun 2015
Posts: 11
Location: Spain

PostPosted: Wed 21 Jun '17 14:20    Post subject: Reply with quote

If you want to experiment with Nginx and IIS Express, you can try with xtack.

Check out https://xtack.org
Back to top
admin
Site Admin


Joined: 15 Oct 2005
Posts: 536

PostPosted: Wed 21 Jun '17 15:34    Post subject: Reply with quote

@yosoyminero : maybe you can verify it for Gregg ?
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 26
Location: Sch├Âmberg, Baden-W├╝rttemberg, Germany

PostPosted: Wed 21 Jun '17 22:30    Post subject: Reply with quote

Checked NginX 1.13.1.1 x32 (and Apache 2.4.26 x64) on Windows 7 x64.
Access to http://localhost/con (=Apache) results in a 403 (as already mentioned by glsmith).
Access to http://localhost:1080/con (=NginX) results in a 500 with the following message in the error.log:
Code:
2017/06/21 22:23:43 [crit] 7360#1128: *1 GetFileInformationByHandle() "c:/srv/www/con" failed (6: FormatMessage() error:(15100)), client: 127.0.0.1, server: localhost, request: "GET /con HTTP/1.1", host: "localhost:1080"
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2101
Location: Sun Diego, USA

PostPosted: Thu 22 Jun '17 1:34    Post subject: Reply with quote

@mraddi

Thank you, the GetFileInformationByHandle() "c:/srv/www/con" failed I would expect. 500 seems odd though not really incorrect. Nor the 403 from Apache cause nothing can get to anything named con in Windows.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2101
Location: Sun Diego, USA

PostPosted: Thu 22 Jun '17 1:48    Post subject: Reply with quote

I figured out a way to get IIS's responses thanks to the SSLLabs server test. I've often looked at failed tests and remember of those I've looked at overs the years there have been many IIS servers being tested. There's plenty of everything failing but I can easily get URLs for IIS this way where I cannot find out what OS an nginx is running on unless maybe I also check with netcraft.

So far I've uncovered IIS/6 403s, IIS/10 404s. I had a IIS/7.5 to try but it erred and then erred again when trying to serve me up a custom error document so that ruined that server.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2101
Location: Sun Diego, USA

PostPosted: Sat 24 Jun '17 1:24    Post subject: Reply with quote

After backing backing up everything important and not caring if my hard drive dies (Windows is warning) I went and read the other info linked in the bug report and it looks worse.

aux|con|com[1-9]|lpt[1-9]|nul|prn

All are reserved so I've added them to the patch I worked up for this PR. For the uber paranoid until this makes it to 2.4 (if ever) here it is

Edit: Patch removed, back to drawing board.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> News & Hangout
Page 1 of 1