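_(:з」∠)_ Anyone who wants to disguise a server as IIS should pay attention to this difference: when IIS receives an invalid HTTP request, the Server header it returns is not IIS but Microsoft-HTTPAPI/2.0, and the 400 response says why the request is invalid...
A request with the Host header left out: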
-- snip --
# echo "GET / HTTP/1.1\n\n" | nc 192.168.43.177 80 0 1
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 24 May 2015 21:02:37 GMT
Connection: close
Content-Length: 334
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Hostname</h2>
<hr><p>HTTP Error 400. The request hostname is invalid.</p>
</BODY></HTML>
-- snip --
A request that is not HTTP at all:
-- snip --
# echo "WHAT THE FUCK\n\n" | nc 192.168.43.177 80
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 24 May 2015 21:04:14 GMT
Connection: close
Content-Length: 311
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request</h2>
<hr><p>HTTP Error 400. The request is badly formed.</p>
</BODY></HTML>
-- snip --
What looks like a normal HTTP request (response body omitted):
-- snip --
# echo "GET / HTTP/1.1\nHost: 192.168.43.177\n" | nc 192.168.43.177 80
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 04 Nov 2014 07:02:27 GMT
Accept-Ranges: bytes
ETag: "7b6a334bfdf7cf1:0"
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sun, 24 May 2015 21:02:54 GMT
Content-Length: 701
-- snip --
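
The three cases above, as an added example that is not part of the original post: a Python responder for an IIS decoy that answers non-HTTP and Host-less requests as Microsoft-HTTPAPI/2.0 with the matching 400 reason, and only well-formed requests as Microsoft-IIS/8.5. The function names, the request-line regex and the placeholder page body are assumptions; the 400 bodies are the ones captured above, joined with CRLF so that their lengths match the captured Content-Length values.

```python
import re
from email.utils import formatdate

CRLF = "\r\n"
# "METHOD SP target SP HTTP/x.y" -- a simplified validity check (assumption).
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

def error_page(heading, detail):
    """400 body laid out like the captures on this page."""
    return CRLF.join([
        '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'
        '"http://www.w3.org/TR/html4/strict.dtd">',
        "<HTML><HEAD><TITLE>Bad Request</TITLE>",
        '<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>',
        f"<BODY><h2>{heading}</h2>",
        f"<hr><p>HTTP Error 400. {detail}</p>",
        "</BODY></HTML>", ""]).encode("ascii")

def classify(raw):
    """Return 'malformed', 'no_host' or 'ok' (only the three cases shown above)."""
    lines = raw.decode("latin-1").replace("\r\n", "\n").split("\n")
    if not REQUEST_LINE.match(lines[0]):
        return "malformed"
    names = [l.split(":", 1)[0].strip().lower() for l in lines[1:] if ":" in l]
    return "ok" if "host" in names else "no_host"

def respond(raw, site_body=b"<html>placeholder site page</html>"):
    """Build the decoy's reply; the error path must not claim to be IIS."""
    kind = classify(raw)
    if kind == "ok":
        # Simplified 200: the capture also carries ETag, Last-Modified, etc.
        status, server, ctype = "200 OK", "Microsoft-IIS/8.5", "text/html"
        body, extra = site_body, ["X-Powered-By: ASP.NET"]
    else:
        heading, detail = {
            "malformed": ("Bad Request", "The request is badly formed."),
            "no_host": ("Bad Request - Invalid Hostname",
                        "The request hostname is invalid."),
        }[kind]
        status, server = "400 Bad Request", "Microsoft-HTTPAPI/2.0"
        ctype, body = "text/html; charset=us-ascii", error_page(heading, detail)
        extra = ["Connection: close"]
    head = [f"HTTP/1.1 {status}", f"Content-Type: {ctype}", f"Server: {server}",
            f"Date: {formatdate(usegmt=True)}", *extra,
            f"Content-Length: {len(body)}"]
    return (CRLF.join(head) + CRLF * 2).encode("ascii") + body
```
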