|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
02-01-2004, 11:02 PM
|
#1 |
|
Confirmed User
Join Date: Feb 2002
Location: Canada
Posts: 2,370
|
Blocking HEAD requests in apache
Does anyone know how to block head requests and still let legit connections through. I am sure there is a way in the htaccess file, or if not, using the apache config. Anyone know? Thanks,
ZoiNk
__________________
"People can have the Model T in any color - so long as it's black." - Henry Ford |
|
|
|
02-01-2004, 11:18 PM
|
#2 |
|
Confirmed User
Join Date: Aug 2001
Location: In a Bunker
Posts: 868
|
Why would you block HEAD requests?
Are you being attacked?
__________________
Does anyone look down here? |
|
|
|
|
02-01-2004, 11:20 PM
|
#3 |
|
making it rain
Industry Role:
Join Date: Oct 2003
Location: seattle
Posts: 22,114
|
What are you trying to accomplish?
|
|
|
|
|
02-01-2004, 11:21 PM
|
#4 |
|
Confirmed User
Join Date: Oct 2002
Location: "evitcepsrep ruoy egnahc"
Posts: 9,976
|
Never turn down head.
|
|
|
|
|
02-01-2004, 11:30 PM
|
#5 |
|
Confirmed User
Join Date: Feb 2002
Location: Canada
Posts: 2,370
|
A friend of mine was asking, so I thought I would try and find the answer for him.
Attackers try bruteforcing htaccess password protection, and it shows up as a HEAD request, not a get request. for the password protected area, i want to allow only GET requests. there is multiple attempts by dozens of ip addresses at the same time, so it is hard/not practical to block them or redirect stuff. the attacks come and go, but it would be easier on server resources if would just deny HEAD requests for that directory and not bother to authenicate. ZoiNk
__________________
"People can have the Model T in any color - so long as it's black." - Henry Ford |
|
|
|
|
02-01-2004, 11:31 PM
|
#6 | |
|
Confirmed User
Join Date: Feb 2002
Location: Canada
Posts: 2,370
|
Quote:
ZoiNk
__________________
"People can have the Model T in any color - so long as it's black." - Henry Ford |
|
|
|
|
|
02-01-2004, 11:50 PM
|
#7 |
|
Confirmed User
Join Date: Aug 2001
Location: In a Bunker
Posts: 868
|
So I was right.
Use something like this, this is not PHP but the only way the board will let me post it: PHP Code:
__________________
Does anyone look down here? |
|
|
|
|
02-02-2004, 12:08 AM
|
#8 |
|
old school fart
Industry Role:
Join Date: May 2001
Location: Florida
Posts: 1,015
|
drop this in a .htaccess in the directory you want to deny HEAD requests from. Then test to make sure it doesnt deny get/post. It shouldn't tho.
<Limit HEAD> order deny,allow deny from all </Limit>
__________________
The next generation of SEO |
|
|
|
|
02-02-2004, 12:25 AM
|
#9 |
|
Confirmed User
Join Date: Apr 2002
Location: Portland, OR
Posts: 139
|
<LimitExcept GET POST>
order deny,allow deny from all </LimitExcept>
__________________
Komply - The 2257 record keeping & content management application (sneak preview) Manic Cash - Tight Niches, Solid Payouts... ICQ 346121285 |
|
|
|
