Unexpected redirection while sending Host header with wget
While testing check-mirrors with torsocks in experimental (#8074 (closed)) I noticed that wget is having a weird behaviour that it didn’t had in the past when sending explicit Host headers. It adds an unexpected redirection that bypasses the Host header (and fetches from a different IP address in the context of check-mirrors).
Success without Host header:
amnesia@amnesia:~$ wget http://78.47.150.61/tails/stable/tails-i386-1.2.2/tails-i386-1.2.2.iso.sig --spider --max-redirect=0
Spider mode enabled. Check if remote file exists.
--2015-01-07 20:27:25-- http://78.47.150.61/tails/stable/tails-i386-1.2.2/tails-i386-1.2.2.iso.sig
Connecting to 78.47.150.61:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 836 [application/pgp-signature]
Remote file exists.
Failure with Host header:
amnesia@amnesia:~$ wget http://78.47.150.61/tails/stable/tails-i386-1.2.2/tails-i386-1.2.2.iso.sig --spider --max-redirect=0 --header="Host: dl.amnesia.boum.org"
Spider mode enabled. Check if remote file exists.
--2015-01-07 20:28:03-- http://78.47.150.61/tails/stable/tails-i386-1.2.2/tails-i386-1.2.2.iso.sig
Connecting to 78.47.150.61:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 836 [application/pgp-signature]
Remote file exists.
Spider mode enabled. Check if remote file exists.
--2015-01-07 20:28:04-- http://dl.amnesia.boum.org/
Resolving dl.amnesia.boum.org (dl.amnesia.boum.org)... 50.254.151.65
Connecting to dl.amnesia.boum.org (dl.amnesia.boum.org)|50.254.151.65|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://cime.net/ [following]
0 redirections exceeded.
Second failure with Host header but no —max-redirect, note that the redirected IP address of the imaginary redirection changes:
amnesia@amnesia:~$ torsocks /usr/bin/wget http://176.9.53.178/tails/stable/tails-i386-1.2.2/tails-i386-1.2.2.iso.sig --spider --header=Host: dl.amnesia.boum.org
Spider mode enabled. Check if remote file exists.
--2015-01-07 20:36:14-- http://176.9.53.178/tails/stable/tails-i386-1.2.2/tails-i386-1.2.2.iso.sig
Connecting to 176.9.53.178:80... connected.
HTTP request sent, awaiting response... 400 Bad Request
Remote file does not exist -- broken link!!!
Spider mode enabled. Check if remote file exists.
--2015-01-07 20:36:15-- http://dl.amnesia.boum.org/
Resolving dl.amnesia.boum.org (dl.amnesia.boum.org)... 96.126.119.95
Connecting to dl.amnesia.boum.org (dl.amnesia.boum.org)|96.126.119.95|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 90 [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
Feature Branch: bugfix/quote-wrappers-arguments
Attachments
Related issues
- Related to #8074 (closed)
- Related to #6623 (closed)
-
Blocked by #8830 (closed)
Original created by @sajolida on 8603 (Redmine)