Date: Sat, 16 Jun 2001 03:50:43 +1000 (EST)
From: Ian Smith
To: "Karsten W. Rohrbach"
Cc: Yonatan Bokovza, freebsd-security@FreeBSD.ORG
Subject: Re: apache security question
In-Reply-To: <20010614212241.G49807@mail.webmonster.de>

On Thu, 14 Jun 2001, Karsten W. Rohrbach wrote:

> > > > > It appears to me like they somehow executed the 'head' command... how would
> > > > > one do this, and how could you stop it?
>
> HTTP HEAD gives you the headers of the corresponding GET operation.
> different from GET, where you will also get the object data, HEAD
> transmits only the headers like with GET but no (file) object data.

And so, HEAD requests are not any more harmful nor dangerous than GET
requests, which one is presumably happy to permit to a web server :-)

Cheers, Ian
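Added example, not part of the original message: a small loopback server showing that a HEAD request returns the same headers as the matching GET with no body, and how both methods appear in the server's request log. The handler, page body and log list are constructed for illustration and are not Apache's code.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

BODY = b"<html><body>constructed sample page</body></html>\n"  # constructed
LOG = []  # request-log lines captured from the toy server


class Handler(BaseHTTPRequestHandler):
    def _send_headers(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()

    def do_GET(self):
        self._send_headers()
        self.wfile.write(BODY)      # headers plus the object data

    def do_HEAD(self):
        self._send_headers()        # identical headers, no object data

    def log_message(self, fmt, *args):
        LOG.append(fmt % args)      # keep the log line instead of printing it


def fetch(method, port):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, "/")
    resp = conn.getresponse()
    # Date can tick over between the two requests, so leave it out of the comparison.
    headers = {k.lower(): v for k, v in resp.getheaders() if k.lower() != "date"}
    body = resp.read()
    conn.close()
    return resp.status, headers, body


def compare_head_and_get():
    LOG.clear()
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        get, head = fetch("GET", port), fetch("HEAD", port)
    finally:
        server.shutdown()
        server.server_close()
    return get, head, list(LOG)


if __name__ == "__main__":
    for item in compare_head_and_get():
        print(item)
```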