Server logs.

[William]

Hello,

I've just get the following in my server logs and I think it is pretty
uncommon. Can anybody tell me if somebody is REALLY putting something on my
site or, what does "options", "post" and "head" mean? Can javascript be used
to avoid outsiders to do it?

IP address [date & time] "OPTIONS / HTTP/1.1"
IP address [date & time] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"
IP address [date & time] HEAD / HTTP/1.1

Usual server logs are only like this (note the GET command):
IP address [date & time] "GET /index.html HTTP/1.1"

Thanks in advance.

W.

 

[Grant Wagner]

Hello,

I've just get the following in my server logs and I think it is pretty
uncommon. Can anybody tell me if somebody is REALLY putting something on my
site or, what does "options", "post" and "head" mean? Can javascript be used
to avoid outsiders to do it?

IP address [date & time] "OPTIONS / HTTP/1.1"
IP address [date & time] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"
IP address [date & time] HEAD / HTTP/1.1

Usual server logs are only like this (note the GET command):
IP address [date & time] "GET /index.html HTTP/1.1"

Thanks in advance.

W.

While none of this has anything to do with JavaScript, it's an interesting
question, so I figured I'll take a whack at it.

HTTP standards provides a number of "methods" which can be invoked on the
server. GET and POST are by far the most common, but you can also PUT and HEAD
the server, as well as a number of other, seldom used, methods that provide
other information or functionality to an HTTP client (which may or may not be a
browser).

A list of methods from 1992 (HTTP 1.0?) is available at <url:
http://www.w3.org/Protocols/HTTP/Methods.html />. A list of common HTTP 1.1
methods is available at <url:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html />

So while OPTIONS and that particular POST look like they might be caused by Code
Red or some other IIS exploit, the methods OPTIONS and POST by themselves mean
nothing, since they are perfectly valid requests to make of a web server. A
properly configured a web server should probably ignore OPTIONS, DELETE, PUT and
TRACE (unless you're using WebDAV, in which case I believe you need PUT and
DELETE).

I think apache, for example, comes with only GET, HEAD and POST enabled.

--
| Grant Wagner <[email protected]>

* Client-side Javascript and Netscape 4 DOM Reference available at:
*
http://devedge.netscape.com/library/manuals/2000/javascript/1.3/reference/frames.html

* Internet Explorer DOM Reference available at:
*
http://msdn.microsoft.com/workshop/author/dhtml/reference/dhtml_reference_entry.asp

* Netscape 6/7 DOM Reference available at:
* http://www.mozilla.org/docs/dom/domref/
* Tips for upgrading JavaScript for Netscape 7 / Mozilla
* http://www.mozilla.org/docs/web-developer/upgrade_2.html

 

[William]

Thanks a lot Grant.