DNS to browser: request path, CDN, WAF, and virtual hosts
Foundations web engagement: synthesized the full client request path — DNS resolution, HTTP to the origin, HTML/JS/CSS rendering — plus load balancers, CDN, databases, WAF, and virtual hosts; ordered the stack to recover the engagement artifact.
- Case files
- DNS to browser: request path, CDN, WAF, and virtual hosts
Mapped DNS→HTTP→render, documented CDN/LB/WAF/DB roles, and ordered the request tiles to obtain THM{YOU_GOT_THE_ORDER}.
Documented component roles and verified the ordered request path for the engagement flag.
Engagement summary
Mapped DNS→HTTP→render, documented CDN/LB/WAF/DB roles, and ordered the request tiles to obtain THM{YOU_GOT_THE_ORDER}.
PUTTING IT ALL TOGETHER closed the web fundamentals track by forcing a single coherent model. Client resolves the hostname via DNS, speaks HTTP to a listener (often behind a load balancer), receives HTML/CSS/JS/images, and the browser renders. Efficiency and resilience layers: CDN hosts static assets near the user; load balancers distribute and health-check backends; databases back dynamic content; WAFs filter exploit patterns and rate-limit. Web server software (Apache/Nginx/IIS/Node) serves from a document root (/var/www/html or C:\inetpub\wwwroot) and uses virtual hosts to map Host headers to different site roots. Static vs dynamic: files served as-is versus backend languages (PHP/Python/etc.) that the client never sees (Nay). Lab quiz: drag the request-order tiles correctly → THM{YOU_GOT_THE_ORDER}.
Business impact
Misunderstanding the path leads to wrong fix owners (CDN vs origin vs WAF) and missed virtual-host shadow sites. Assessments must enumerate Host headers and CDN edges, not only the A record that nmap hit.
Request path and architecture controls
Documented component roles and verified the ordered request path for the engagement flag.
REQUEST ORDER
request-path.txt
1. Browser needs IP → DNS lookup
2. TCP connect (often to LB / CDN edge)
3. HTTP request (Host header selects vhost)
4. WAF inspects / rate-limits
5. Origin web server reads root / runs backend
6. Response: HTML/CSS/JS/images
7. Browser renders (frontend); backend code hiddenOPERATOR · STACK
savvy@lab:~$ dig +short example.com
A record → edge or origin IP
savvy@lab:~$ curl -sI https://example.com | grep -iE 'server|cf-|x-cache|via'
CDN / LB fingerprints in response headers
savvy@lab:~$ cat engagement/order_flag.txt
THM{YOU_GOT_THE_ORDER}
Remediation
Inventory virtual hosts and orphaned document roots. Place WAFs in blocking mode with tuned rules after baseline. Prefer CDN for static assets; keep secrets and admin panels off cacheable edges. Health-check backends and fail closed when pools empty.