Web servers
A web server is a computer the stores and processes web pages to a client via HTTP(S).
Last updated
A web server is a computer the stores and processes web pages to a client via HTTP(S).
Last updated
The Document Root is the directory on a web server where web content and files are stored. It serves as the starting point for the web server to locate and serve web pages and resources. When a user accesses a specific URL, the web server looks within the Document Root to find the corresponding files to deliver to the user's browser.
The Server Root is the top-level directory on a web server where all server-related configuration files and directories are located. It often includes the server's configuration files, log files, and other system-related resources. The Server Root is distinct from the Document Root, which contains web content.
The Virtual Document Tree is a concept used in web server configuration to map URLs to directories within the Document Root. It allows web administrators to create a virtual directory structure that may not necessarily correspond directly to the server's file system. This is particularly useful for creating user-friendly URLs and organizing web content.
Virtual Hosting is a technique that allows a single web server to host multiple websites on the same physical server. It's achieved by configuring the server to recognize different hostnames (e.g., and ) and serve the appropriate web content based on the requested hostname. Virtual Hosting can be implemented using techniques such as Name-based Virtual Hosting and IP-based Virtual Hosting.
A Web Proxy is an intermediary server that acts as a gateway between a client and a web server. It receives client requests, forwards them to the destination web server, and then returns the web server's responses to the client. Web proxies can serve various purposes, including enhancing security, improving performance, caching content, and providing anonymity for users. They are often used to filter or redirect web traffic within a network.
HTTP response splitting is an attack where:
Untrusted data from an HTTP request enters a web application.
This data, if not properly validated, is included in an HTTP response header that is sent to a web user.
To succeed, the attacker must introduce malicious data into the application, which incorporates it into an HTTP response header. The application must permit input with characters like CR (carriage return) and LF (line feed) in headers.
Here's a simplified example:
Consider a code segment that reads the name of a weblog entry's author, "author," from an HTTP request and sets it in a cookie header of an HTTP response.
Assuming a string with standard alphanumeric characters, such as "Jane Smith," is submitted in the request, the HTTP response, including this cookie, would appear as follows:
However, if the value of the cookie is composed of unvalidated user input, the response will only maintain this form if the submitted value for AUTHOR_PARAM does not contain CR and LF characters. If an attacker submits a malicious string, such as "Wiley Hacker\r\nContent-Length:999\r\n\r\n...", the HTTP response would be split into an imposter response followed by the original response, which is now ignored:
Note that the example provided is written in Java. However, this issue has been resolved in nearly all modern Java EE application servers.
Web Cache Poisoning Attack is a sophisticated exploitation technique. It involves an attacker taking advantage of a web server and cache's behavior to serve a malicious HTTP response to unsuspecting users. This attack comprises two fundamental phases:
The attacker needs to figure out how to trigger a response from the back-end server that unintentionally includes a harmful payload.
After succeeding in this, the attacker ensures that their response is stored in the cache and then delivered to the target victims.
A compromised web cache can serve as a potent vector for propagating a variety of attacks, capitalizing on vulnerabilities such as Cross-Site Scripting (XSS), JavaScript injection, open redirection, and more. This makes web cache poisoning a highly effective and potentially devastating attack method.
