You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mike Zimmerman <ta...@spamcop.net> on 2002/07/19 00:00:34 UTC
Filtering HEAD requests
Evening folks,
I run a web server that requires authentication. Occasionally, we get a
run of people trying to crack a password using HEAD requests.
Then question I have is how I can completely reject HEAD requests, since it
seems to be written as a part of GET. Is there a way to do this?
Any help would be much appreciated.
Mike
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Filtering HEAD requests
Posted by Bruno Wolff III <br...@wolff.to>.
On Thu, Jul 18, 2002 at 18:00:34 -0400,
Mike Zimmerman <ta...@spamcop.net> wrote:
> Evening folks,
>
> I run a web server that requires authentication. Occasionally, we
> get a run of people trying to crack a password using HEAD requests.
> Then question I have is how I can completely reject HEAD requests, since it
> seems to be written as a part of GET. Is there a way to do this?
You can use mod_rewrite to block HEAD requests by checking REQUEST_METHOD.
However I don't know if that will be before or after the authentication
check. If it is after it won't do you any good.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Filtering HEAD requests
Posted by "Matus \"fantomas\" Uhlar" <uh...@fantomas.sk>.
-> I run a web server that requires authentication. Occasionally, we get a
-> run of people trying to crack a password using HEAD requests.
-> Then question I have is how I can completely reject HEAD requests, since it
-> seems to be written as a part of GET. Is there a way to do this?
theoretically yes. but i would not recommend it. HEAD is used by proxies to
check if documents in cache aren't outdated and this would break this
behaviour
--
Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I don't wish to receive spam to this address.
Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org