KTORIUM » http http://blog.ktorium.com Tal Kedar's Orchard Tue, 21 Jul 2009 19:17:24 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 The nnCoection response header http://blog.ktorium.com/2009/06/the-nncoection-response-header/ http://blog.ktorium.com/2009/06/the-nncoection-response-header/#comments Wed, 17 Jun 2009 22:44:41 +0000 Tal Kedar http://www.ktorium.com/blog/?p=6 I thought I’ve stumbled on some hand-crafted response from Amazon: 
$ nc -vv www.amazon.com 80
Connection to www.amazon.com 80 port [tcp/http] succeeded!
GET / HTTP/1.1

HTTP/1.1 400 Bad Request
Date: Wed, 17 Jun 2009 22:31:39 GMT
Server: Server
Content-Length: 226
nnCoection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>
Note the nnCoection: close response header. The 400 response is returned, in this case, because of a missing Host request header.

Turns out the spelling mistake is intentional – Andrew Wooster’s excellent post claims that the header is changed by a load-balancing service, overriding the web server’s directive. A comment on that post identifies the service as the Citrix NetScaler appliance, and explains the logic of scrambling rather than removing the header altogether. Cool stuff.

]]> http://blog.ktorium.com/2009/06/the-nncoection-response-header/feed/ 0