Web Proxy Autodiscovery Protocol (WPAD)

If you take a close look at your logs you may occasionally see requests for a file named wpad.dat. This file is related to automatic proxy configuration in many browsers.

To provide this capability to your users and website,

  1. DNS:

    Default behavior is to traverse the domain in reverse, looking for one with a file named /wpad.dat

    Example (using my domain for example):

  2. Then in httpd.conf, set the MIME type:
    AddType application/x-ns-proxy-autoconfig .pac
  3. Also in httpd.conf, add a redirect to the actual file you wish to use.
    Redirect permanent /wpad.dat http://www.giantgeek.com/proxy.pac
  4. In the new file, add the following default contents, modify if you use a proxy:

    /* 'proxy.pac' - This is the main function called by any browser
    NOTE: there is NO proxy!
    function FindProxyForURL(url, host)
    return “DIRECT”;
    } // End function FindProxyForUrl



Added in MSIE8 and Mozilla Firefox 3.6.9, Apple Safari 4, IE8, and Google Chrome 2 are several mechanisms to defend against cross-domain forgeries.

You can add to your website to make sure it is not embedded in a frame or iframe. This avoids clickjacking.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a “<frame>” or “<iframe>“. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Supported Values:

NOTE: “ALLOW-FROM” is supported in some browsers

You can explicitly set this value for ApacheHTTP in the httpd.conf file, your .htaccess files or code it into the page(s) by the application itself.

Example, add this to the apache config file:

Header always set X-Frame-Options DENY

Dotless IP Address

This is a concept I had forgotten about until recently, it can often serve as a simple means of code obfuscation and is also sometimes referred to as “Decimal Address”.

Some background:

  • DNS is used to convert a URL/domain name into an IP address that is used to contact the remote machine.
    localhost =
    giantgeek.com =
  • IP addresses (as IPv4) are represented as groups of 4 hexadecimal or decimal octets.
  • Those numbers can be plugged into a simple formula to be represented as a single large integer.

As such, you can use the following as equivalents:

  • http://localhost
  • http://2130706433


What is a SLD (Second Level Domain)?

I just wrote about the TLD, so this naturally follows:

A SLD includes the TLD name and further identifies the owning organization of a URL.

Second-level domains can be divided into further levels. These subdomains sometimes represent different computers within an organization, but are many times the same machine with different aliases.



TLD =  .com
SLD = giantgeek.com
Subdomains = www.gianteek.com & mail.giantgeek.com

NOTE: Refer to HTTP/1.1 for details on how IP addresses, routing and webservers are impacted by this.

Interesting enough, some one character SLD’s do exist,  x.com for example.



What is a TLD (Top Level Domain)?

I occasionally get this question, as many technical people don’t fully understand it.

A TLD is ‘actually” the last section of a URL (owned by the domain registrars themselves).


  • .com
  • .net
  • .org
  • .us (and other 2 digit country codes)

You can find a full list of TLD’s here:

Various other TLD’s have been proposed through the years, here are a few common ones (that are in various states of approval or implementation):

  • .museum
  • .info
  • .xxx
  • .biz
  • .mobi