Don't include a port number in the Host header.

We never intend to ask for a service on a port other than the one we connect to. By my reading of RFC 2616 section 14.23, we can leave the port number off in this case. Robin Wood reported that https://twitter.com/ gives you a redirect instead of a page if you send it Host: twitter.com:443 rather than Host: twitter.com http://seclists.org/nmap-dev/2013/q1/267
2025-12-30 19:39:07 +00:00 · 2013-03-02 01:05:32 +00:00
parent cac0880ca6
commit 1ebb9bfe20
1 changed files with 2 additions and 14 deletions
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -147,21 +147,9 @@ local function table_augment(to, from)
 end

 --- Get a value suitable for the Host header field.
+-- See RFC 2616 sections 14.23 and 5.2.
 local function get_host_field(host, port)
-  local hostname = stdnse.get_hostname(host)
-  local portno
-  if port == nil then
-    portno = 80
-  elseif type(port) == "table" then
-    portno = port.number
-  else
-    portno = port
-  end
-  if portno == 80 then
-    return hostname
-  else
-    return hostname .. ":" .. tostring(portno)
-  end
+  return stdnse.get_hostname(host)
 end

 -- Skip *( SP | HT ) starting at offset. See RFC 2616, section 2.2.