exit notation stripping
Drake Wilson
drake at begriffli.ch
Fri Jul 10 08:00:23 UTC 2009
Quoth Scott Bennett <bennett at cs.niu.edu>, on 2009-07-10 01:44:22 -0500:
> Next, privoxy sends an HTTP GET request, which contains no hostname,
> domainname, Nickname.exit, nor IP address through the connection to
> the web server at the other end.

Someone's either been living in HTTP/0.9 days or hasn't been reading
the specs. HTTP/1.1 requires a Host field because multiple domains
may be hosted at one TCP endpoint, and that's exactly the problem: the
full URI is (albeit in pieces) passed through the whole way at the
application layer, and the exit notation is included in the URI. A
full example flow is:

  - Browser sends GET http://example.net.example.exit/ to an HTTP proxy
    that is not aware of exit notation.

  - The HTTP proxy connects to the Tor SOCKS proxy, requesting a
    connection to example.net.example.exit.

  - Tor builds its circuit and makes the connection.

  - The HTTP proxy passes through GET http://example.net.example.exit/
    to the origin server.

  - The origin server looks up whether it knows of any site to serve
    under "example.net.example.exit", finds that it doesn't, and
    returns an error. Alternatively, it uses a default site, which
    may be the wrong one. Alternatively, it does whatever it usually
    does but now has mostly-definitive information that this user is
    using Tor and has requested a specific exit node.

This is why Privoxy includes a filter to strip the exit notation from
the Host header when passing the request through, and why this filter
should be enabled when using Privoxy for Tor purposes.

---> Drake Wilson
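
The rewrite described in the message above, as an added example that is not part of the original post and is not Privoxy's own filter: it removes the exit notation from the request line and the Host header before the request goes to the origin server. The function names, the sample request, and the assumed `<hostname>.<relay>.exit[:port]` syntax are constructed for this illustration.

```python
import re

# Assumed syntax for this example: <hostname>.<relay>.exit[:port], where
# <relay> is a nickname or a $-prefixed hex fingerprint.
_EXIT = re.compile(r"^(?P<host>.+?)\.(?P<relay>\$?[A-Za-z0-9]+)\.exit(?P<port>:\d+)?$",
                   re.IGNORECASE)
_ABS_URI = re.compile(r"^(https?://)([^/?#]+)(.*)$", re.IGNORECASE)

def strip_exit(hostport):
    """Return (host[:port] without exit notation, relay name or None)."""
    hostport = hostport.strip()
    m = _EXIT.match(hostport)
    if not m:
        return hostport, None
    return m.group("host") + (m.group("port") or ""), m.group("relay")

def rewrite_request(raw):
    """Clean the request line and Host header of a raw HTTP request (bytes).

    Returns (cleaned request, relay name found or None). The proxy still
    gives Tor the original .exit name over SOCKS; only what reaches the
    origin server changes.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    relay = None
    m = _ABS_URI.match(target)
    if m:  # absolute-form target, as a browser sends to an HTTP proxy
        hostport, relay = strip_exit(m.group(2))
        target = m.group(1) + hostport + m.group(3)
    out = [f"{method} {target} {version}"]
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon and name.strip().lower() == "host":
            hostport, found = strip_exit(value)
            relay = relay or found
            line = "Host: " + hostport
        out.append(line)
    return "\r\n".join(out).encode("latin-1") + sep + body, relay

# Constructed sample request matching the flow in the post.
SAMPLE = (b"GET http://example.net.example.exit/ HTTP/1.1\r\n"
          b"Host: example.net.example.exit\r\n"
          b"User-Agent: sample\r\n\r\n")

if __name__ == "__main__":
    cleaned, relay = rewrite_request(SAMPLE)
    print(cleaned.decode("latin-1"), "exit relay:", relay)
```
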