httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruno Wolff III <>
Subject Re: Filtering HEAD requests
Date Sat, 20 Jul 2002 14:53:20 GMT
On Thu, Jul 18, 2002 at 18:00:34 -0400,
  Mike Zimmerman <> wrote:
> Evening folks,
> 	I run a web server that requires authentication. Occasionally, we 
> 	get a run of people trying to crack a password using HEAD requests.
> Then question I have is how I can completely reject HEAD requests, since it 
> seems to be written as a part of GET. Is there a way to do this?

You can use mod_rewrite to block HEAD requests by checking REQUEST_METHOD.
However I don't know if that will be before or after the authentication
check. If it is after it won't do you any good.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message