Date: Sat, 16 Jun 2001 03:50:43 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: Yonatan Bokovza <Yonatan@xpert.com>, freebsd-security@FreeBSD.ORG Subject: Re: apache security question Message-ID: <Pine.BSF.3.96.1010616034350.5465F-100000@gaia.nimnet.asn.au> In-Reply-To: <20010614212241.G49807@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 14 Jun 2001, Karsten W. Rohrbach wrote: > > > > > It appears to me like they somehow executed the 'head' > > > command... how > > > would > > > > > one do this, and how could you stop it? > > HTTP HEAD gives you the headers of the corresponding GET operation. > different from GET, where you will also get the object data, HEAD > transmits only the headers like with GET but no (file) object data. And so, HEAD requests are not any more harmful nor dangerous than GET requests, which one is presumably happy to permit to a web server :-) Cheers, Ian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1010616034350.5465F-100000>