What data can be monitored of an HTTPS connection?

Suppose that my computer is not compromised. If somebody is listening somewhere between my computer and the server (my ISP for example), what can they see of my HTTPS connection?
I assume they can see the domain (e.g. google.com).
But what about the specific site I'm browsing (e.g. /wiki/Privacy in https://en.wikipedia.org/wiki/Privacy)?
What about the subdomain (e.g. en in https://en.wikipedia.org/wiki/Privacy)?
What about GET parameters, everything after the '?' (e.g. https://www.google.com/search?q=privacy). Can they see what I search on google?
Please feel free to add more info in case I've missed asking something relevant.

Example: https://www.google.com/search?q=privacy
They can see:
- The full domain (domain or subdomain, here "www.google.com")
- The IP of the contacted domain
- The approximate size of the exchanged data
- The duration of the exchange(s)
They cannot see:
- The path (the part of the URL after the domain, here "/search")*
- The GET or POST parameters (here "?q=privacy")
- The content of the answer
- The cookies
*After a bug in proxy discovery, the path and GET parameters may be transmitted in plain text (http://www.securitynewspaper.com/2016/08/01/proxy-pac-hack-allows-intercept-https-urls/).
And with the approximate size of the exchanged data, it may be possible to infer which pages were visited.
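Added illustration, not part of the answer above: a Node.js script that builds a constructed (not captured) TLS 1.2 ClientHello and parses it the way a passive observer on the path would. The only cleartext it recovers is the SNI hostname and the record size; the path, query string, cookies and response travel inside encrypted application-data records, which the parser reports as null.

```javascript
function u16(n) { const b = Buffer.alloc(2); b.writeUInt16BE(n); return b; }

// Constructed sample, not a real capture: a minimal TLS 1.2 ClientHello with SNI.
function buildClientHello(hostname) {
  const name = Buffer.from(hostname, 'ascii');
  const entry = Buffer.concat([Buffer.from([0x00]), u16(name.length), name]); // host_name type
  const sniExt = Buffer.concat([u16(0x0000), u16(entry.length + 2), u16(entry.length), entry]);
  const body = Buffer.concat([
    Buffer.from([0x03, 0x03]), Buffer.alloc(32),   // version + client random
    Buffer.from([0x00]),                           // empty session id
    Buffer.from([0x00, 0x02, 0xc0, 0x2f]),         // one cipher suite
    Buffer.from([0x01, 0x00]),                     // null compression
    u16(sniExt.length), sniExt,                    // extensions block
  ]);
  const hs = Buffer.concat([Buffer.from([0x01, 0x00]), u16(body.length), body]); // 3-byte length
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x01]), u16(hs.length), hs]);
}

// Returns the SNI hostname from a ClientHello record, or null for anything
// else: application-data records (type 0x17) expose only their length.
// (TLS 1.3 with Encrypted Client Hello hides the SNI as well.)
function extractSni(rec) {
  if (rec.length < 5 || rec[0] !== 0x16) return null;
  const hs = rec.subarray(5, 5 + rec.readUInt16BE(3));
  if (hs.length < 4 || hs[0] !== 0x01) return null;
  let p = 4 + 2 + 32;                              // handshake header, version, random
  if (p >= hs.length) return null;
  p += 1 + hs[p];                                  // session id
  if (p + 2 > hs.length) return null;
  p += 2 + hs.readUInt16BE(p);                     // cipher suites
  if (p >= hs.length) return null;
  p += 1 + hs[p];                                  // compression methods
  if (p + 2 > hs.length) return null;
  const end = Math.min(p + 2 + hs.readUInt16BE(p), hs.length);
  p += 2;
  while (p + 4 <= end) {
    const type = hs.readUInt16BE(p), len = hs.readUInt16BE(p + 2);
    p += 4;
    if (type === 0x0000 && len >= 5 && p + 5 <= end) {
      const nameLen = hs.readUInt16BE(p + 3);      // skip list length + name type
      return hs.subarray(p + 5, Math.min(p + 5 + nameLen, end)).toString('ascii');
    }
    p += len;
  }
  return null;
}

// What a passive observer learns from one record: host (if ClientHello) and size.
function observe(rec) {
  return { sni: extractSni(rec), bytes: rec.length };
}
```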


I'm a total noob about web hosting, university didn't help either [closed]

I was thinking of having 2 websites, and I'd write all my stuff (not using wordpress hosts for example). As far as I understood I can "link" several urls with a single web-hosting server. (Let's suppose I'd use a windows host, just because I'm more comfortable with windows than Linux).
But how do I make that actual server work? Before spending money I'd like to know what I'm getting into.
All I can think of is I'd run the server program (like "node server.js"), but how does the url connect someone to that program instead of another "server.exe" in the same host? How does it all work? Every time I look for tutorials or examples I get stuff that is aimed at non-programmers to "make your website easy using our templates". I don't want that.
As I said, this question has nothing to do with relative vs absolute urls. I've no idea where the one that flagged it has read something like that in my words.
Let's split it in parts, shall we?
As far as I understood I can "link" several urls with a single web-hosting server
If by that you mean that you can have more than 1 domain name for your web-server; yes you can.
A domain name is something like "www.google.com" for instance.
So I understand that you're asking if you can have two different domain names, like "www.myweb.com" and "some.other-domainname.org" to point to your machine that will be hosting your website.
Yes you can. You should take a look on what a Domain Name System is.
But basically, what a DNS does is translate these names into actual IP addresses. This is done by having something called a name table that could look like:
"www.google.com" -> XXX.XXX.XXX.XXX (for IPv4 as an example)
"www.youtube.com" -> AAA.AAA.AAA.AAA
Since this is done by some kind of mapping you will also need a static IP address.
Both static IP addresses and domain names must be bought or rented.
The way the things are connected, they also have to do with the ports where they operate. For instance, http requests operate in port 80 and SSH typically in port 22 if I remember correctly.
So what your web-server would do is something similar to this:
listen to port 80 -> read the requested file (specified within the URL request) -> send it through that port 80 along with the http headers and payload as a response.
After that the browser requesting the file would read that http response, parse it and show that info into the actual window of the browser.
And you can also rent a webhosting service.
A webhosting service is basically somebody that already dealt with all of this gibberish and has machines that are ready to serve web content. You only have to upload your website into their webserver.
You can also buy a domain name and make it point to that rented service.
To host your own webserver you need to decide which webserver to use:
You basically have two options: Apache or nginx
As you are hosting on Windows and are only using the server for development, I can recommend XAMPP; it contains Apache, MariaDB (an SQL database based on MySQL), PHP and Perl. Installation and usage are straightforward, but if you want, here is a tutorial to use it.
As Tripp Kinetics pointed out, you should probably check out some HTML tutorials or buy a book.
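Added illustration, not from either answer: one Node.js process listening on a single port and serving both domain names from the answer above. DNS only brings the connection to the machine; the Host header the browser sends decides which site answers. The two hostnames are the placeholders used in the answer, and the site names are constructed.

```javascript
const SITES = {                       // placeholder hostnames from the answer
  'www.myweb.com': 'Site A',
  'some.other-domainname.org': 'Site B',
};

// Normalise the Host header (lowercase, drop :port, keep IPv6 brackets) and
// look up the site. Unknown or missing hosts get nothing: silently serving a
// default site for any Host value is what host-header spoofing relies on.
function siteForHost(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  const m = /^(\[[^\]]+\]|[^:\[\]\s]+)(?::\d{1,5})?$/.exec(hostHeader.trim().toLowerCase());
  if (!m) return null;
  // hasOwnProperty so that names like "constructor" never match the object's prototype
  return Object.prototype.hasOwnProperty.call(SITES, m[1]) ? SITES[m[1]] : null;
}

// Request handler: the Host header, not DNS, picks the site. Returns the
// status code so the decision can be checked without opening a socket.
function handler(req, res) {
  const site = siteForHost(req.headers.host);
  if (site === null) {
    res.writeHead(421, { 'Content-Type': 'text/plain' });   // Misdirected Request
    res.end('unknown host\n');
    return 421;
  }
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end(`Hello from ${site}\n`);
  return 200;
}

// Both domain names resolve to this machine's IP; one process listens once.
// usage: startServer(8080); then browse to http://www.myweb.com:8080/
function startServer(port) {
  const http = require('http');
  return http.createServer(handler).listen(port);
}
```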

Domain Health Checker Errors

I checked my domain in mxtoolbox and found the following errors/warnings:
dmarc Missing or Invalid Record
https The Certificate is invalid
smtp Reverse DNS does not match SMTP Banner
dns At least one name server failed to respond in a timely manner
dns SOA Expire Value out of recommended range
I added a TXT record in the DNS zone for "_dmarc" and checked it:
nslookup -query=txt _dmarc.mydomain.com
It's showing our server IP.
Please advise how can I fix all these errors or warnings?
Best regards
@lifesaver That's a tall order without knowing what your domain is to evaluate.
But here's your general answers.
If you're missing a DMARC record in DNS, add it. If it's invalid, we need to know what you added.
Why is the certificate invalid?
You need to make it match for SMTP (also it's a good idea to make it match for POP and IMAP).
mxtoolbox has a small timeout window on DNS queries; use a different tool.
This is pretty subjective, but it's talking about the SOA TTL value in DNS being outside of their recommended range. Not sure what their recommended range is, but RFC 1912 recommends 14-28 days.
If you need answers to the questions above, send an email to mailtest@unlocktheinbox.com. It will auto-respond and give you a lot more insight into what's going on.
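Added illustration, not from the thread: a small checker for what is published at _dmarc.<domain>, to tell "missing" from "invalid" before re-running an online tool. It applies the RFC 7489 rules a health checker applies (v=DMARC1 must come first, p= is required, report addresses must be mailto: URIs, exactly one DMARC record). The lookup results are constructed samples, and no DNS query is made.

```javascript
// Parse one DMARC TXT string into tags and validate the parts a checker looks at.
function parseDmarc(txt) {
  const tags = {};
  for (const part of txt.split(';')) {
    const s = part.trim();
    if (!s) continue;
    const eq = s.indexOf('=');
    if (eq < 0) return { ok: false, reason: `malformed tag "${s}"`, tags };
    tags[s.slice(0, eq).trim().toLowerCase()] = s.slice(eq + 1).trim();
  }
  if (!/^\s*v\s*=\s*DMARC1\s*(;|$)/i.test(txt)) return { ok: false, reason: 'record must begin with v=DMARC1', tags };
  if (!['none', 'quarantine', 'reject'].includes(tags.p)) return { ok: false, reason: 'p= must be none, quarantine or reject', tags };
  for (const t of ['rua', 'ruf']) {
    if (tags[t] !== undefined &&
        !tags[t].split(',').every(u => /^mailto:[^@\s]+@[^@\s]+$/i.test(u.trim()))) {
      return { ok: false, reason: `${t}= must list mailto: URIs`, tags };
    }
  }
  if (tags.pct !== undefined && !(/^\d{1,3}$/.test(tags.pct) && Number(tags.pct) <= 100)) {
    return { ok: false, reason: 'pct= must be 0-100', tags };
  }
  return { ok: true, tags };
}

// Given every TXT string found at _dmarc.<domain> (what nslookup -query=txt
// prints), report what a checker will say. Strings not starting with
// v=DMARC1 are ignored; more than one DMARC record is an error (RFC 7489 6.6.3).
function checkDmarcRecords(txtRecords) {
  const dmarc = txtRecords.filter(r => /^\s*v\s*=\s*DMARC1/i.test(r));
  if (dmarc.length === 0) {
    return { status: 'missing', reason: 'no TXT string starts with v=DMARC1 (an IP address in the TXT is not a DMARC record)' };
  }
  if (dmarc.length > 1) return { status: 'invalid', reason: 'more than one DMARC record published' };
  const r = parseDmarc(dmarc[0]);
  return r.ok ? { status: 'valid', tags: r.tags } : { status: 'invalid', reason: r.reason };
}

// Constructed sample answers, as if returned by nslookup -query=txt _dmarc.mydomain.com
const SAMPLE_LOOKUPS = {
  ipOnly: ['203.0.113.10'],                                   // the symptom in the question
  good: ['v=DMARC1; p=reject; rua=mailto:dmarc@mydomain.com'],
  badPolicy: ['v=DMARC1; p=block'],
};
```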

How close is jQuery's CDN to my location?

Rather than just read theory, I decided to test how jQuery's CDN reduces website latency. My method is pretty basic.
Assuming a web developer places the following jQuery (CDN) tag on a web page:
<script src="//code.jquery.com/jquery-1.12.0.min.js"></script>
The DNS lookup for code.jquery.com should return the IP of the closest (proxy / caching / CDN) server depending on where I'm located in the World.
I have two IP addresses.
At work I go through a proxy, my IP maps to the United States. Using my phone's cellular connection, my IP address maps to the United Kingdom (I am located in the UK). I tested this multiple times.
Using both connections, I performed a DNS lookup on code.jquery.com. On both occasions, the IP of a server in United States was returned:
code.jquery.com is an alias for code.jquery.netdna-cdn.com.
code.jquery.netdna-cdn.com has address 94.46.159.11
I assumed a DNS lookup would return a proxy server in Europe (when my IP maps to the United Kingdom) and jquery-1.12.0.min.js would be served from the closest edge server.
Update
I found the article, Different CDN technologies: DNS Vs Anycast Routing, incredibly useful and I wanted to include it here for others. It covers the two methods for ensuring a user hits an edge caching server that's geographically nearby.
I get the same IP from my location (Latvia). But I asked the guys from the jQuery CDN provider (which is maxcdn.com), and they told me this:
Though the IP itself is registered in US, it's not a standard unicast IP.
This one uses the anycast system, which means it resolves to multiple locations at the same time.
The easiest way you can check that is to do a traceroute to 94.46.159.11;
the traceroute will end up in Europe on one of our EU servers.
I've traced the request, and ended up in Frankfurt.

Non Port 80 Web Server and Pretty URLs

This is a "Blocked Port 80" related question, but maybe something a bit unique. I've yet to find a good answer. It's more academic than anything as I know running a production server at your house is a ridiculous idea.
I'm running a development server (LAMP) at my home but my ISP blocks port 80. The DNS for my domain is set up to "URL Redirect" to my IP and port number. My router is port-forwarding to my server, and I have Apache set up so it's listening on port 8081.
The issue is that when you access the domain, the URL in the browser is resolved from my domain name to the IP and port number, and is displayed as such. For example, you type "www.banana.com" into the browser, the site is displayed but now the URL is shown as "12.23.456.11:8081".
Is there any way to fix this so that the domain name does not become IP and port number?
Can you use Apache proxy functionality somehow?
Could you use mod_rewrite to change the IP and port number back to the domain name?
Thanks in advance!
This question has three parts. First the issue of the domain: in order to substitute a domain name in place of an IP address you need some name server that can map your desired name to an address. This is at the host level and not the port level so a domain name will encompass all ports you might host from it. If you are using your home Internet connection (which I suspect you are since you talk about a blocked port) then you need to take into account that from time to time your public IP address can change. Your options are to pay for (or request) a static IP from your ISP or use a dynamic DNS service that can rapidly update their records as your IP address changes.
As for your port number: mod_rewrite only handles the path part of a URL; for using different ports internally you want mod_proxy. The Apache web server with mod_proxy would be configured to listen on the public port you want (that I assume is port 80), then mod_proxy would take incoming requests and send them to another web server on a different port (or even a different server). To the outside user this happens invisibly. The problem is if your ISP won't let you host your site on port 80 then it logically won't let you proxy from port 80. To get around this would be a little harder. Personally I would look at a virtualized server from people like Rackspace or Linode. You would get (for relatively little money) a fully configurable server on the open Internet with no restrictions on port usage and a static IP. Even better, if you mess something up you can just virtually delete your server and start over with a fresh OS image.
Finally the clean URLs your question title suggests. It's possible this wasn't part of your actual question but just in case, mod_rewrite is a smart module that can let you map clean URLs like /cars/Toyota/1997 and turn them into more ugly requests like /cars.php?make=Toyota&year=1997. Clean URLs not only look better they make it easier to reorganize web code behind the scenes as your web site evolves.
One last thing, and it's amazing to me that this question has gone so long without even a comment about this, but this question is really not a good fit for StackOverflow. Possibly ServerFault.com. Good luck! :)

How exactly is the same-domain policy enforced?

Let's say I have a domain, js.mydomain.com, and it points to some IP address, and some other domain, requests.mydomain.com, which points to a different IP address. Can a .js file downloaded from js.mydomain.com make Ajax requests to requests.mydomain.com?
How exactly do modern browsers enforce the same-domain policy?
The short answer to your question is no: for AJAX calls, you can only access the same hostname (and port / scheme) as your page was loaded from.
There are a couple of work-arounds: one is to create a URL in foo.example.com that acts as a reverse proxy for bar.example.com. The browser doesn't care where the request is actually fulfilled, as long as the hostname matches. If you already have a front-end Apache webserver, this won't be too difficult.
Another alternative is AJAST, which works by inserting script tags into your document. I believe that this is how Google APIs work.
You'll find a good description of the same origin policy here: http://code.google.com/p/browsersec/wiki/Part2
This won't work because the host name is different. Two pages are considered to be from the same origin if they have the same host, protocol and port.
From Wikipedia on the same origin policy:
The term "origin" is defined using the domain name, application layer protocol, and (in most browsers) TCP port of the HTML document running the script. Two resources are considered to be of the same origin if and only if all these values are exactly the same.
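Added illustration, not part of the answers above: the origin comparison a browser makes, worked for the hostnames in the question. Note that the origin on the page side is the document's (where the HTML was loaded from), not the origin of the .js file that issued the request; the document and API URLs used here are constructed.

```javascript
// Origin of a URL as the browser computes it: scheme, host and port, with the
// scheme's default port folded away (https://a.com and https://a.com:443 match).
function originOf(urlString) {
  const u = new URL(urlString);
  if (u.origin === 'null') throw new Error(`no tuple origin for ${urlString}`); // file:, data:, ...
  return u.origin;
}

// The browser compares the *document's* origin with the request URL.
// The origin the script file was fetched from plays no part.
function isSameOrigin(documentUrl, requestUrl) {
  return originOf(documentUrl) === originOf(requestUrl);
}

// Which components differ, for an explanatory message.
function originMismatch(documentUrl, requestUrl) {
  const a = new URL(documentUrl), b = new URL(requestUrl);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push('scheme');
  if (a.hostname !== b.hostname) diffs.push('host');
  if (a.port !== b.port) diffs.push('port');   // '' stands for the scheme's default port
  return diffs;
}

// The situation from the question; paths and the document host are constructed.
const PAGE = 'https://www.mydomain.com/index.html';       // document that includes the script
const SCRIPT = 'https://js.mydomain.com/app.js';          // irrelevant to the check
const XHR = 'https://requests.mydomain.com/api/data';     // target of the Ajax call
```

A server at requests.mydomain.com can still allow the call explicitly by answering with CORS headers, which is the modern alternative to the reverse-proxy and script-tag workarounds described above.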
