From owner-freebsd-security  Sun Jul  8  6:22:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gyw.com (gyw.com [209.55.67.177])
	by hub.freebsd.org (Postfix) with ESMTP id 0A31437B401
	for <freebsd-security@FreeBSD.ORG>; Sun,  8 Jul 2001 06:22:18 -0700 (PDT)
	(envelope-from tjk@tksoft.com)
Received: from smtp3.tksoft.com (smtp3.tksoft.com [192.168.50.56] (may be forged))
	by gyw.com (8.8.8/8.8.8) with ESMTP id FAA11658;
	Sun, 8 Jul 2001 05:32:20 -0700
Received: (from tjk@tksoft.com)
	by smtp3.tksoft.com (8.8.8/8.8.8) id EAA15423;
	Sun, 8 Jul 2001 04:47:41 -0700
From: "tjk@tksoft.com" <tjk@tksoft.com>
Message-Id: <200107081147.EAA15423@smtp3.tksoft.com>
Subject: Re: apache security question
To: default013subscriptions@hotmail.com
Date: Sun, 8 Jul 2001 04:47:40 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <OE44ezf9CIElR3n4DVv00010e9b@hotmail.com> from "default013 - subscriptions" at Jun 14, 2001 08:08:36 AM
X-Info: None
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Just got back from vacation and saw this.

Lots of software use the HEAD method to find out if a
page has been modified. If it has, then it downloads the 
page. The HEAD method is a part of the HTTP protocol, and
a very useful part of it. It prints the header for the
requested page, but not the page itself. A GET request
prints the header and the page. By removing the HEAD 
capability, you achieve nothing, but you will create
problems for yourself. 


Troy

 
> 
> Hello, I've been advised that someone is attempting to break into my box,
> and I know that this person is knowledgeable so I've been watching for
> unusual activity...
> 
> I noticed this entry in one of my apache logfiles yesterday, and was
> wondering if anyone could explain to me what this is:
> 
> mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500]
> "HEAD / HTTP/1.0" 200 0 "-"
> 
> It appears to me like they somehow executed the 'head' command... how would
> one do this, and how could you stop it?
> 
> Thanks, Jordan
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message