Strange URL Configuration: domain.com at 12345
Tilman Schmidt
Tilman.Schmidt at sema.de
Tue May 30 06:34:27 UTC 2000
At 12:01 30.05.00 +0800, Lawrence Chan wrote:
[quoting repaired]
> > > >
> > > > http://www.rankingtothetop.com@1078106110/
> > > >
> > > >1. How does this work (i.e., I enter this into my browser and the page
> > > >comes up).
> > >
> > > The part after the @ determines the server. If this is a decimal number
> > > many resolvers interpret it as a numeric IP address. The part before
> > > the @ is just sent along as the username in the HTTP request and
> > > probably ignored by the server.
>[...]
>How would the resolver know to read only the stuff to the right the @ sign
>and to ignore the rest of the URL?
The resolver never sees anything but the stuff to the right of the @ sign.
It's the browser's task to parse the URL and pass only the host name to the
resolver. And the host name in the above URL is 1078106110. Syntactically
www.rankingtothetop.com is the username, never mind that it looks like a
domain name to you and me.
> Apparently it works, but does it work on
>all TCP/IP machines? Is it legal in RFC sense?
The obfuscation with the @ sign and the username that looks like a domain
name is legal in the RFC sense and will work on any machine that correctly
parses URLs. The IP address encoded as a single 32 bit decimal number is
not RFC conformant but an artefact of how the most popular resolvers
process numeric addresses, so there may well exist machines, or rather
programs, where it doesn't work. But spammers don't care for that. They
go for the majority.
--
Tilman Schmidt E-Mail: Tilman.Schmidt at sema.de (office)
Sema Group Koeln, Germany tilman at schmidt.bn.uunet.de (private)
More information about the bind-users
mailing list