[tor-talk] How to choose to get connected to a specific relay?
Roger Dingledine
arma at mit.edu
Tue Jun 21 00:23:46 UTC 2011
On Mon, Jun 20, 2011 at 07:34:42PM -0400, Justin Aplin wrote:
> On Jun 20, 2011, at 5:24 PM, Zaher F. wrote:
>
> > thx very much for the explanation...
> >
> > but when i tried the link u have attached in ur reply
> > http://torproject.org.6297b13a687b521a59c6bd79188a2501ec03a065.exit
> > i got this message :
> >
> > Welcome to vescum!
> > This is vescum, a system run by and for the Tor Project. She does stuff. What kind of stuff and who our kind sponsors are you might learn on db.torproject.org.
>
> Adding a "www." to the address makes it work properly: http://www.torproject.org.6297b13a687b521a59c6bd79188a2501ec03a065.exit
>
> I'm actually not sure why that happens; I'm guessing it's a security
>feature not allowing domain redirections. A technical explanation would
>be appreciated, if anyone happens to know :-)
When your browser connects to the webserver, it sends an http "Host:"
header to specify which virtual host (domain) it wanted the webserver
to give it. It chooses this virthost based on the address you typed into
your browser. So in this case your browser sends
Host: torproject.org.6297b13a687b521a59c6bd79188a2501ec03a065.exit
and the poor webserver is left to guess which virthost you had in mind,
because it hasn't been configured to handle that virthost.
Looks like the apache config for www.torproject.org defaults to giving
you the virthost you expected, and the apache config for torproject.org
defaults to giving you a virthost you didn't expect.
Privoxy has a config option;
+client-header-filter{hide-tor-exit-notation}
that looks through all your Host: headers and strips "foo.exit" from them.
We could imagine teaching Torbutton to do that too.
But the real answer is that you are seeing just how much of a hack the
dot-exit notation was. :) I say was because it's deprecated in 0.2.2
and later.
Hope that helps,
--Roger
More information about the tor-talk
mailing list