Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTP Host header is missing port info #766

nnposter opened this issue Mar 16, 2017 · 0 comments


Copy link

commented Mar 16, 2017

According to RFC 2616, Section 14.23:

The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI...

and also

A "host" without any trailing port information implies the default port for the service requested

HTTP requests generated by http.lua never include port information in the Host header, which is causing these requests to fail with some servers.

local function get_host_field(host, port)
  return stdnse.get_hostname(host)

I am proposing to rectify the issue by making the function more compliant with the RFC as follows:

local function get_host_field(host, port)
  if not host then return nil end
  local ssl = shortport.ssl(host, port)
  local pn = port.number
  if not ssl and pn == 80 or ssl and pn == 443 then
    return stdnse.get_hostname(host)
    return stdnse.get_hostname(host) .. ":" .. pn

Please let me know if you have any questions or concerns. Otherwise I will commit the change in a few weeks.

As a side note, a similar logic where default port numbers are being derived from the scheme exists in several other areas. I will put together a follow-up patch to abstract out the logic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.