Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

http://domain vs https://domain resolves to different domains

Posted on 2009-02-20
4
Medium Priority
?
1,145 Views
Last Modified: 2012-05-06
i notice that accessing sites with (presumably) no ssl cert using https instead of http often results in loading a page from a completely diff site.  for example, http://tgoresort.com results in a page about an rv resort in florida, while https://tgoresort.com loads a page about shoe inserts.    (depending on your viewpoint, i guess that could be amusing... :-)

the links on the bogus page sometimes point to the correct page by name (but with https prepended), and sometimes point to the bogus domain.  i would assume that is due to relative pages vs fully specified pages.

http://myrtleBeachGolfmasters.com is a page about discount golf in s. carolilna, while https://myrtleBeachGolfmasters.com loads a page from corbera networks.  most links on the page point to corbera networks, but the "mas informacion" link points to https://myrtleBeachGolfmasters.com, and loads a page from corbera.

nslookup gives the same answer for both:
$ nslookup https://www.tgoresort.com
Server:         66.82.4.8
Address:        66.82.4.8#53

Non-authoritative answer:
Name:   https://www.tgoresort.com
Address: 63.251.179.5
Name:   https://www.tgoresort.com
Address: 8.15.7.110

$ nslookup http://www.tgoresort.com
Server:         66.82.4.8
Address:        66.82.4.8#53

Non-authoritative answer:
Name:   http://www.tgoresort.com
Address: 63.251.179.5
Name:   http://www.tgoresort.com
Address: 8.15.7.110

while whois gives diff answers:
$ whois 8.15.7.110
Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
                                  8.0.0.0 - 8.255.255.255
Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1)
                                  8.15.7.96 - 8.15.7.127


$ whois 63.251.179.5
Internap Network Services Corporation NETBLK-PNAP-11-99 (NET-63-251-0-0-1)
                                  63.251.0.0 - 63.251.255.255
Internet Search Services INAP-DEN-INTERNETSEARCH-16579 (NET-63-251-179-0-1)
                                  63.251.179.0 - 63.251.179.63


the question: is this normal, acceptable behavior?  should the https:// ref result in some kind of error msg?
0
Comment
Question by:prevostpilot
  • 2
4 Comments
 
LVL 8

Expert Comment

by:McNetic
ID: 23695089
It is competly normal behaviour as in the behaviour conforms to the internet standards.

You have a slight misunderstanding of the dns system and the http protocol:

DNS is only about host name to ip adress mapping, that is tgoresort.com resolves to 66.193.232.25 currently (for me, as dns entries are cached for a few days usually, this can differ on different name servers. Additionally, there exists dns round robin which gives different ips to different requests).

The http or https scheme is just something your browser interprets: depending on which one is used, it tries to build a normal http or secured https connection, and default port is 80 for http and 443 for https.

As both requests go to different ports on the same webserver (with the ip mentioned above), the server can serve different content to the those two URLs. If now absolute links are set to http://... from https://... or vice versa, the browser will then query the other port and get different (unexpected) content.

This issue always happens on web servers serving multiple domains on a single ip address: for the http protocol, this works without problems, as the request sent by the browser contains the domain name, so the server can decide which domain to server the pages from. On the other hand, when using https, the connection has to be encrypted before exchanging any data, so it is only possible to use one single https certificate on one ip address. In this case, it is the certificate of www.footpain.com, so the web server has to assume the client wants to go to said site, and displays the content of www.footpain.com although the typed in domain is tgoresort.com.
0
 

Author Comment

by:prevostpilot
ID: 23711645
sorry to take so long to get back -

well, actually i understand the protocol://host-addr concept.  it seems that both http://host-addr and https://host-addr should resolve to the same machine, just diff ports, and if there is no cert for a particular page, the 443 port should cough up a message, not serve up some (random?) page.  it would seem that somewhere in the port/socket/ssl/web server chain it would be determined that no cert exists for that combo, and something like a 404 msg should result.

why/where is tgoresort:443 associated with footpain (if you'll pardon the expression)?   where is this association made?

why are there two dns A records for http://www.tgoresort.com but only one for www.tgoresort.com?
nslookup www.tgoresort.com responds with a single address, while
http://www.tgoresort.com responds with two.  dig gives similar results.

despite its compliance with the specs, it "feels" ugly.  i assume the only way to avoid such behavior is to provide a cert for the page i don't want (for lack of a better word) mangled.


tnx
0
 
LVL 8

Accepted Solution

by:
McNetic earned 2000 total points
ID: 23712669
1) Regarding the response to the 'wrong' page: You are right in that the server could respond with a 404 message or something. This is a misconfiguration of the server, maybe in violation of http specs (I'm not completely sure here). But it can not be solved by providing certs to the other pages, as this is not possible (as pointed out in my first post).

2) There is no real associtation between tgoresort:443 and footpain; it's just that www.footpain.com and www.tgoresort.com both resolv to the same IP (meaning the same server). While it is possible to host multipl 'virtual' servers for different domains on one http server, you can only have one domain using https on the server, and that one is footpain.com. If there are other http sites hosted on this server, their https counterparts would also all direct you to the footpain pages.

3) No offense intended, but you do have a slight misconception of the dns und protocol concept. The dns domain name is just the part _after_ the double slashes //. And only dns domain names have dns records. So www.tgoresort.com is a domain name, and this one resolves to an ip address, regardless of the protocol used (may it be http https, ftp, telnet or whatever).
That said, it's meaningless to try 'nslookup http://www.tgoresort.com' as http://www.tgoresort.com is not a domain name. I do not now which versions of nslookup and dig you use, but mine give me other results:

# nslookup https://www.tgoresort.com
Server:         10.66.0.2
Address:        10.66.0.2#53

** server can't find https://www.tgoresort.com: NXDOMAIN

# nslookup http://www.tgoresort.com
Server:         10.66.0.2
Address:        10.66.0.2#53

** server can't find http://www.tgoresort.com: NXDOMAIN

0
 
LVL 16

Expert Comment

by:SteveJ
ID: 23723607
Yeah, prevostpilot . . . what kind of nslookup tool are you using. I have vista, w2k, w2003 server, and Centos and they all fail with a non-existent or NXDOMAIN when I try and prepend http or https to the lookup.

I think McNetic is correct pointing to multiple domains hosted on a single server. The whole point of virtual hosts is to allow this behavior . . . if you think it seems socially aberrant I'd have to agree, there's something just wrong about having one IP serve pain and vacations.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question