What is the web server software announcing itself as "VDL/1.0"?

Damien Clauzel

11/7/23, 2:36 PM

I am looking at an old web form located at: http://www.teleservices.lyon.fr/etat-civil/naissance/

Of course, it is obsolete, bogus, without TLS, etc.

But I don’t recognize the web server publishing it. And yet, I came across my fair share of rotten and esoteric software! . Google does not immediately find anything relevant.

→ Can you identify this web server VDL/1.0 ?

$ curl --head --insecure http://www.teleservices.lyon.fr/etat-civil/naissance/
HTTP/1.1 200 OK
Date: Mon, 07 Nov 2022 14:28:22 GMT
Server: VDL/1.0
Content-Length: 23727
Expires: Tue, 08 Nov 2022 00:54:02 GMT
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: public, must-revalidate
Vary: Accept-Encoding
Connection: close

nmap scan:

# nmap -A -T4 www.teleservices.lyon.fr
Starting Nmap 7.92 ( https://nmap.org ) at 2022-11-07 17:22 CET
Nmap scan report for www.teleservices.lyon.fr (185.235.8.66)
Host is up (0.013s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE SERVICE    VERSION
53/tcp  open  domain     Cloudflare public DNS
80/tcp  open  http       Citrix NetScaler httpd
|_http-server-header: Apache/2.2.15 (Red Hat)
443/tcp open  ssl/https?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.10 - 4.11, Linux 3.2 - 4.9
Network Distance: 13 hops
Service Info: Device: load balancer

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   0.34 ms  routeur.localdomain (192.168.1.1)
2   1.08 ms  78.193.87.254
3   1.32 ms  78.255.60.126
4   1.59 ms  sal69-49m-1-v904.intf.nro.proxad.net (78.254.248.41)
5   1.60 ms  gui69-49m-1-v908.intf.nro.proxad.net (78.254.248.134)
6   3.40 ms  lyon-crs8-1-be1503.intf.nro.proxad.net (78.254.248.142)
7   ...
8   16.76 ms marseille-9k-1-be2001.intf.routers.proxad.net (194.149.162.154)
9   ...
10  20.82 ms be5.cr02.mar02.jaguar-network.net (78.153.231.90)
11  21.63 ms he0-0-0-21.cr03.lyo01.jaguar-network.net (78.153.231.89)
12  21.71 ms 185.235.8.250
13  21.58 ms 185.235.8.66

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.85 seconds

1 + 0

web-server

http-headers

Score:3

Server

diya

11/7/23, 2:44 PM

My guess would be a custom header designed to hide/replace an actual server signature :

VDL --> Ville de Lyon ; the city/municipality of Lyon

+ 3

Damien Clauzel

11/7/23, 2:50 PM

I agree, it is a possibility. What bugs me is that their practice are not unified on all their web servers, managed by the same team.

diya

11/7/23, 3:08 PM

I can still only guess, but the team managing the websites is most likely not responsible for all (legacy) applications that are offered online. Reverse proxy-ing and otherwise integrating backend applications will by default not remove headers set by the back-end, so I can absolutely see one team of developers being cute and setting a custom server header of "VDL" where others don't and as a result inconstancies. I imagine that setting an unknown server signature even avoids "annoying" warnings from vulnerability scanners that rely on the self-proclaimed server string for their analyses

Damien Clauzel

11/7/23, 4:30 PM

Yes, hiding the identity of the web service is like changing its port: it is useless . I will email the IT department when I have the motivation; if only to tell them to switch to HTTPS (GDPR, etc. ). Thanks for your insight!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: What is the web server software announcing itself as "VDL/1.0"?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.