Closed Xaraknid closed 8 years ago
One of the missing fields is "port", which is optional if you use the default port.
The other is required because it needs to be checked:
"http" must be equal to or higher than 1.1. If a client has a lower version, the server should return HTTP error code 505 - HTTP Version not supported.
Another thing is the handshake returned when a client fails to send a conforming WebSocket handshake. For example, bots sending this:
```
GET / HTTP/1.1
Host: x.x.x.x:port
Connection: Keep-Alive
```
or any other malformed WebSocket headers. The server responds with this:
```
HTTP/1.1 426 Upgrade Required
Sec-WebSocketVersion: 13
```
I know security by obscurity is not bulletproof, but giving info on a silver platter, on the other hand...
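The checks raised in this issue, sketched as an added example (not code from the project or from the issue author): `check_handshake`, `BAD_REQUEST` and `BOT_REQUEST` are hypothetical names. It assumes the server speaks only WebSocket version 13, and it answers requests that never asked for an upgrade with a generic 400, keeping the `Sec-WebSocket-Version` hint for real upgrade attempts with an unsupported version, where RFC 6455 requires it.

```python
import base64

SUPPORTED_VERSION = "13"
BAD_REQUEST = (400, "Bad Request", {})

# Constructed sample: the plain GET quoted in the issue, with CRLF line endings.
BOT_REQUEST = b"GET / HTTP/1.1\r\nHost: x.x.x.x:port\r\nConnection: Keep-Alive\r\n\r\n"

def check_handshake(raw: bytes):
    """Return (status, reason, extra_headers) for a raw opening request."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        method, _target, proto = request_line.split(" ")
        name, _, version = proto.partition("/")
        major, minor = (int(part) for part in version.split("."))
        headers = {}
        for line in header_lines:
            key, sep, value = line.partition(":")
            if not sep:
                raise ValueError("header line without a colon")
            headers[key.strip().lower()] = value.strip()
    except ValueError:  # also covers UnicodeDecodeError and bad unpacking
        return BAD_REQUEST
    if name != "HTTP":
        return BAD_REQUEST
    if (major, minor) < (1, 1):
        return 505, "HTTP Version Not Supported", {}
    conn = {tok.strip().lower() for tok in headers.get("connection", "").split(",")}
    if (method != "GET" or "host" not in headers or "upgrade" not in conn
            or headers.get("upgrade", "").lower() != "websocket"):
        # Not a WebSocket attempt: generic answer, no supported-version hint.
        return BAD_REQUEST
    try:
        nonce = base64.b64decode(headers.get("sec-websocket-key", ""), validate=True)
    except ValueError:
        nonce = b""
    if len(nonce) != 16:
        return BAD_REQUEST
    if headers.get("sec-websocket-version") != SUPPORTED_VERSION:
        # Genuine upgrade with an unsupported version: RFC 6455 requires the hint.
        return 426, "Upgrade Required", {"Sec-WebSocket-Version": SUPPORTED_VERSION}
    return 101, "Switching Protocols", {}

if __name__ == "__main__":
    print(check_handshake(BOT_REQUEST))
```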