Posted to users@httpd.apache.org by bruce <be...@earthlink.net> on 2005/11/24 03:21:03 UTC

[users@httpd] Internet Web Server/Client Guru needed!!

Hi...

I'm working on a project, and need to know if there's anyone who's a guru
with Web Server/Client interactions. Basically, I'm trying to get a much
better/deeper understanding of the HTTP protocols defining the information
that is sent/transferred between the web server/client browser apps.

I'm also interested in understanding what the various information is that
gets transferred between the apps, as well as understanding what information
can be spoofed/altered on the client side, as it goes back to the server.

I know about the querystring information (post/get/request/etc...). I'm more
interested in the information that can be sent/viewed behind the scenes like
header, IP addresses, MAC addresses, machine IDs, etc... I'm also trying to
understand just how much information can be seen by the web server, from the
browser/client app. At the same time, I'm curious as to just what the web
server can get from the client app. All of this applies to me trying to get
a better understanding of 'man in the middle attacks' as they apply to
server/browser communications.

Searching Google isn't getting me what I really want!!

So, if you have the skills/expertise in this area, and you're willing to
talk to me for a few minutes, I'd appreciate it. As stated, the underlying
reason for the questions is to get a better understanding of 'man in the
middle attacks' as this applies to web server apps.

Thanks

bruce
bedouglas@earthlink.net



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Internet Web Server/Client Guru needed!!

Posted by Mike Dewhirst <mi...@dewhirst.com.au>.
bruce wrote:
> Hi...

Try Ivan Ristic's Apache Security published by O'Reilly. Ivan says on 
page 82 that SSL with both server and client authentication is the only 
solution to MITM attacks.

I would start with his book then seek out a guru. I'd know much better 
what to ask. I think Apache Security is brilliant.

Good luck

Mike

> 
> I'm working on a project, and need to know if there's anyone who's a guru
> with Web Server/Client interactions. Basically, I'm trying to get a much
> better/deeper understanding of the HTTP protocols defining the information
> that is sent/transferred between the web server/client browser apps.
> 
> I'm also interested in understanding what the various information is that
> gets transferred between the apps, as well as understanding what information
> can be spoofed/altered on the client side, as it goes back to the server.
> 
> I know about the querystring information (post/get/request/etc...). I'm more
> interested in the information that can be sent/viewed behind the scenes like
> header, IP addresses, MAC addresses, machine IDs, etc... I'm also trying to
> understand just how much information can be seen by the web server, from the
> browser/client app. At the same time, I'm curious as to just what the web
> server can get from the client app. All of this applies to me trying to get
> a better understanding of 'man in the middle attacks' as they apply to
> server/browser communications.
> 
> Searching Google isn't getting me what I really want!!
> 
> So, if you have the skills/expertise in this area, and you're willing to
> talk to me for a few minutes, I'd appreciate it. As stated, the underlying
> reason for the questions is to get a better understanding of 'man in the
> middle attacks' as this applies to web server apps.
> 
> Thanks
> 
> bruce
> bedouglas@earthlink.net


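
An added illustration, not part of either post and not taken from the book cited in the reply: a mod_ssl virtual host configured for both server and client authentication, the setup the reply refers to. The host name, file paths and log file name are placeholders chosen for the example.

```apache
# Constructed example; host name and file paths are placeholders.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on

    # Server authentication: the certificate the browser verifies
    # against its own trust store.
    SSLCertificateFile    /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key

    # Client authentication. The mod_ssl default is "SSLVerifyClient none",
    # which authenticates the server only. With "require", the handshake
    # fails unless the client presents a certificate that chains to the
    # CA named here.
    SSLCACertificateFile  /etc/httpd/ssl/client-ca.crt
    SSLVerifyClient       require
    SSLVerifyDepth        1

    # What the server records per request:
    #   %h                      peer address of the TCP connection
    #   %{SSL_CLIENT_VERIFY}x   result of client certificate verification
    #   %{SSL_CLIENT_S_DN}x     subject of the verified client certificate
    #   %{User-Agent}i          a request header, supplied by the client
    CustomLog logs/ssl_client_log \
        "%h %{SSL_CLIENT_VERIFY}x \"%{SSL_CLIENT_S_DN}x\" \"%r\" \"%{User-Agent}i\""
</VirtualHost>
```

In the resulting log, only the certificate subject is backed by a cryptographic check; request headers such as User-Agent are whatever the client chose to send.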