Case file

DNS to browser: request path, CDN, WAF, and virtual hosts

Foundations web engagement: synthesized the full client request path — DNS resolution, HTTP to the origin, HTML/JS/CSS rendering — plus load balancers, CDN, databases, WAF, and virtual hosts; ordered the stack to recover the engagement artifact.

Foundations16 minDNS · HTTP · Web Architecture · WAF
01

Engagement summary

Mapped DNS→HTTP→render, documented CDN/LB/WAF/DB roles, and ordered the request tiles to obtain THM{YOU_GOT_THE_ORDER}.

PUTTING IT ALL TOGETHER closed the web fundamentals track by forcing a single coherent model. Client resolves the hostname via DNS, speaks HTTP to a listener (often behind a load balancer), receives HTML/CSS/JS/images, and the browser renders. Efficiency and resilience layers: CDN hosts static assets near the user; load balancers distribute and health-check backends; databases back dynamic content; WAFs filter exploit patterns and rate-limit. Web server software (Apache/Nginx/IIS/Node) serves from a document root (/var/www/html or C:\inetpub\wwwroot) and uses virtual hosts to map Host headers to different site roots. Static vs dynamic: files served as-is versus backend languages (PHP/Python/etc.) that the client never sees (Nay). Lab quiz: drag the request-order tiles correctly → THM{YOU_GOT_THE_ORDER}.

Business impact

Misunderstanding the path leads to wrong fix owners (CDN vs origin vs WAF) and missed virtual-host shadow sites. Assessments must enumerate Host headers and CDN edges, not only the A record that nmap hit.

02

Request path and architecture controls

Documented component roles and verified the ordered request path for the engagement flag.

REQUEST ORDER

request-path.txt

1. Browser needs IP → DNS lookup
2. TCP connect (often to LB / CDN edge)
3. HTTP request (Host header selects vhost)
4. WAF inspects / rate-limits
5. Origin web server reads root / runs backend
6. Response: HTML/CSS/JS/images
7. Browser renders (frontend); backend code hidden

OPERATOR · STACK

savvy@lab:~$ dig +short example.com

A record → edge or origin IP

savvy@lab:~$ curl -sI https://example.com | grep -iE 'server|cf-|x-cache|via'

CDN / LB fingerprints in response headers

savvy@lab:~$ cat engagement/order_flag.txt

THM{YOU_GOT_THE_ORDER}

Remediation

Inventory virtual hosts and orphaned document roots. Place WAFs in blocking mode with tuned rules after baseline. Prefer CDN for static assets; keep secrets and admin panels off cacheable edges. Health-check backends and fail closed when pools empty.