Just got back from vacation and saw this.

Lots of software use the HEAD method to find out if a
page has been modified. If it has, then it downloads the
page. The HEAD method is a part of the HTTP protocol, and
a very useful part of it. It prints the header for the
requested page, but not the page itself. A GET request
prints the header and the page. By removing the HEAD
capability, you achieve nothing, but you will create
problems for yourself.

Troy

 
>
> Hello, I've been advised that someone is attempting to break into my box,
> and I know that this person is knowledgeable so I've been watching for
> unusual activity...
>
> I noticed this entry in one of my apache logfiles yesterday, and was
> wondering if anyone could explain to me what this is:
>
> mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500]
> "HEAD / HTTP/1.0" 200 0 "-"
>
> It appears to me like they somehow executed the 'head' command... how would
> one do this, and how could you stop it?
>
> Thanks, Jordan
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]