GoFuckYourself.com - Adult Webmaster Forum - View Single Post

ZoiNk · 02-01-2004, 11:30 PM

A friend of mine was asking, so I thought I would try and find the answer for him.

Attackers try bruteforcing htaccess password protection, and it shows up as a HEAD request, not a get request. for the password protected area, i want to allow only GET requests. there is multiple attempts by dozens of ip addresses at the same time, so it is hard/not practical to block them or redirect stuff. the attacks come and go, but it would be easier on server resources if would just deny HEAD requests for that directory and not bother to authenicate.

ZoiNk

02-01-2004, 11:30 PM
ZoiNk Confirmed User Join Date: Feb 2002 Location: Canada Posts: 2,370	A friend of mine was asking, so I thought I would try and find the answer for him. Attackers try bruteforcing htaccess password protection, and it shows up as a HEAD request, not a get request. for the password protected area, i want to allow only GET requests. there is multiple attempts by dozens of ip addresses at the same time, so it is hard/not practical to block them or redirect stuff. the attacks come and go, but it would be easier on server resources if would just deny HEAD requests for that directory and not bother to authenicate. ZoiNk __________________ "People can have the Model T in any color - so long as it's black." - Henry Ford