June 10, 2005

How to make Firefox infinite loop

I just tried to dereference www2006.org and was treated to Firefox printing "waiting for www2006.org" over and over. A little bit of protocol debugging clears up what's going on. Here's the HTTP request captured from the network:

New TCP connection #17: 192.168.1.115(63782) <-> augur.ecs.soton.ac.uk(80)

GET / HTTP/1.1
Host: www.www2006.org
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050508 Firefox/1.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

www.www2006.org is CNAMED to augur.ecs.soton.ac.uk, so we connect there and ask for www.www2006.org in the Host header. But I typed in www2006.org, so why did we get www.www2006.org? Well, let's try dig...

[34] dig www2006.org

; <<>> DiG 9.3.0 <<>> www2006.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47778
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www2006.org.                   IN      A

;; AUTHORITY SECTION:
www2006.org.            705     IN      SOA     dns0.webcentre.net. hostmaster.webcentre.net. 2005051701 7200 3600 604800 3600

;; Query time: 12 msec
;; SERVER: 64.102.6.247#53(64.102.6.247)
;; WHEN: Fri Jun 10 12:40:25 2005
;; MSG SIZE  rcvd: 94

Now things become clear: there's no IP address available for www2006.org, so Firefox tries prepending a www. to the front, in case I mistyped. There is an IP address for that:

[35] dig www.www2006.org

; <<>> DiG 9.3.0 <<>> www.www2006.org
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12134
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 7

;; QUESTION SECTION:
;www.www2006.org.               IN      A

;; ANSWER SECTION:
www.www2006.org.        553     IN      CNAME   augur.ecs.soton.ac.uk.
augur.ecs.soton.ac.uk.  1291    IN      A       152.78.68.160
...

So, we connect to augur.ecs.soton.ac.uk, and ask for www.www2006.org, which brings us back to the request at the top. Here's the response:

HTTP/1.1 302 Found
Date: Fri, 10 Jun 2005 17:55:04 GMT
Server: Apache/2.0.46 (Red Hat)
Location: http://www2006.org/
Content-Length: 287
Content-Type: text/html; charset=iso-8859-1
Via: 1.1 Application and Content Networking System Software 5.1.13
Connection: Close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www2006.org/">here</a>.</p>
<hr />
<address>Apache/2.0.46 (Red Hat) Server at www.www2006.org Port 80</address>
</body></html>

Unfortunately, this response is a redirect to www2006.org, so we go back to the beginning of the cycle, resulting in an infinite loop.

What we've got here is an interaction of DNS misconfiguration and a browser bug. Note that connecting to www.www2006.org and providing a Host header for www2006.org works fine.
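
The cycle traced above, modelled offline as an added example (not code from the original post or from Firefox). The "www." fallback rule, the rewrite_host_header switch and the loop check are assumptions of this model; the DNS and virtual-host tables are constructed from the captures quoted above.

```python
# Constructed from the dig output and 302 response quoted in the post.
A_RECORDS = {"www.www2006.org": "152.78.68.160"}   # www2006.org itself has no A record
# Server behaviour keyed on the Host header; the 200 entry reflects the post's
# note that a Host header of www2006.org works fine at this address.
VHOSTS = {"www.www2006.org": (302, "www2006.org"), "www2006.org": (200, None)}


def connect_name(host):
    """Name the client actually connects to: the host itself or, when it has
    no address, the "www." guess (assumed model of the browser's fallback)."""
    for name in (host, "www." + host):
        if name in A_RECORDS:
            return name
    return None


def navigate(typed, rewrite_host_header=True, max_hops=20):
    """Follow redirects starting from `typed`; return (outcome, trace).

    Each trace entry is (requested name, connected name, Host header, status).
    A repeated (requested, connected) pair is reported as a loop, so the
    fallback rewrite cannot hide the cycle from the redirect check.
    """
    trace, seen, host = [], set(), typed
    for _ in range(max_hops):
        target = connect_name(host)
        if target is None:
            return "dns-failure", trace
        if (host, target) in seen:
            return "loop", trace
        seen.add((host, target))
        header = target if rewrite_host_header else host
        status, location = VHOSTS.get(header, (404, None))
        trace.append((host, target, header, status))
        if status != 302:
            return ("ok" if status == 200 else "http-error"), trace
        host = location
    return "hop-limit", trace


if __name__ == "__main__":
    for rewrite in (True, False):
        outcome, trace = navigate("www2006.org", rewrite_host_header=rewrite)
        print(f"rewrite_host_header={rewrite}: {outcome}")
        for hop in trace:
            print("   requested=%s connected=%s Host=%s status=%d" % hop)
```

With the Host header rewritten to the fallback name, the model reports a loop after one hop; with the typed name kept in the Host header, the same connection returns 200.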

Posted by ekr at June 10, 2005 11:46 AM