Server logs.

  • William

    Server logs.

    Hello,

    I've just got the following in my server logs and I think it is pretty
    uncommon. Can anybody tell me if somebody is REALLY putting something on my
    site or, what do "options", "post" and "head" mean? Can JavaScript be used
    to prevent outsiders from doing it?

    IP address [date & time] "OPTIONS / HTTP/1.1"
    IP address [date & time] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"
    IP address [date & time] HEAD / HTTP/1.1

    Usual server logs are only like this (note the GET command):
    IP address [date & time] "GET /index.html HTTP/1.1"

    Thanks in advance.

    W.

  • Grant Wagner

    #2
    Re: Server logs.

    William wrote:
    > Hello,
    >
    > I've just got the following in my server logs and I think it is pretty
    > uncommon. Can anybody tell me if somebody is REALLY putting something on my
    > site or, what do "options", "post" and "head" mean? Can JavaScript be used
    > to prevent outsiders from doing it?
    >
    > IP address [date & time] "OPTIONS / HTTP/1.1"
    > IP address [date & time] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"
    > IP address [date & time] HEAD / HTTP/1.1
    >
    > Usual server logs are only like this (note the GET command):
    > IP address [date & time] "GET /index.html HTTP/1.1"
    >
    > Thanks in advance.
    >
    > W.

    While none of this has anything to do with JavaScript, it's an interesting
    question, so I figured I'll take a whack at it.

    The HTTP standards provide a number of "methods" which can be invoked on the
    server. GET and POST are by far the most common, but you can also PUT and HEAD
    the server, as well as a number of other, seldom used, methods that provide
    other information or functionality to an HTTP client (which may or may not be a
    browser).

    A list of methods from 1992 (HTTP 1.0?) is available at <url:
    http://www.w3.org/Protocols/HTTP/Methods.html />. A list of common HTTP 1.1
    methods is available at <url:
    http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html />

    So while OPTIONS and that particular POST look like they might be caused by Code
    Red or some other IIS exploit, the methods OPTIONS and POST by themselves mean
    nothing, since they are perfectly valid requests to make of a web server. A
    properly configured web server should probably ignore OPTIONS, DELETE, PUT and
    TRACE (unless you're using WebDAV, in which case I believe you need PUT and
    DELETE).

    I think Apache, for example, comes with only GET, HEAD and POST enabled.

    --
    | Grant Wagner <gwagner@agrico reunited.com>

    * Client-side Javascript and Netscape 4 DOM Reference available at:
    * http://devedge.netscape.com/library/...reference/frames.html

    * Internet Explorer DOM Reference available at:
    * http://msdn.microsoft.com/workshop/a...reference_entry.asp

    * Netscape 6/7 DOM Reference available at:
    * http://www.mozilla.org/docs/dom/domref/
    * Tips for upgrading JavaScript for Netscape 7 / Mozilla
    * http://www.mozilla.org/docs/web-deve...upgrade_2.html
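
An added example, not part of the original posts: a small Python triage of access-log lines in the shape William posted, tallying request methods per the reply above and flagging, per client IP, any method outside GET/HEAD/POST and any request under `/_vti_bin/` (the FrontPage Server Extensions path seen in his POST line). The exact log layout, the sample lines, the IP addresses and the function name `triage` are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Methods the reply names as routinely enabled; anything else gets flagged.
EXPECTED_METHODS = {"GET", "HEAD", "POST"}
# Path prefix taken from the POST line in the question.
WATCHED_PREFIXES = ("/_vti_bin/",)

# IP [timestamp] "METHOD target HTTP/x.y". The quotes are optional because
# one of the posted lines has none.
LINE_RE = re.compile(
    r'^(?P<ip>\S+)\s+\[(?P<ts>[^\]]*)\]\s+"?'
    r'(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+HTTP/\d\.\d"?\s*$'
)

def triage(lines):
    """Return (method counts, flagged requests per client IP, unparsed lines)."""
    methods = Counter()
    flagged = defaultdict(list)
    unparsed = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            unparsed.append(line)  # malformed request lines deserve a look too
            continue
        method, target = m["method"], m["target"]
        methods[method] += 1
        reasons = []
        if method not in EXPECTED_METHODS:
            reasons.append("unexpected method")
        if target.lower().startswith(WATCHED_PREFIXES):
            reasons.append("watched path")
        if reasons:
            flagged[m["ip"]].append((method, target, reasons))
    return methods, dict(flagged), unparsed

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 [12/Mar/2004:10:01:02 +0000] "GET /index.html HTTP/1.1"',
    '198.51.100.7 [12/Mar/2004:10:01:05 +0000] "OPTIONS / HTTP/1.1"',
    '198.51.100.7 [12/Mar/2004:10:01:05 +0000] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.1"',
    '198.51.100.7 [12/Mar/2004:10:01:06 +0000] HEAD / HTTP/1.1',
    'not a log line',
]

if __name__ == "__main__":
    methods, flagged, unparsed = triage(SAMPLE_LOG)
    print("methods:", dict(methods))
    for ip, hits in flagged.items():
        for method, target, reasons in hits:
            print(f"{ip} {method} {target} -> {', '.join(reasons)}")
    print("unparsed:", unparsed)
```

Grouping by client IP shows when the flagged requests come from one source in quick succession, which is the pattern in the posted log.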



    • William

      #3
      Re: Server logs.

      Thanks a lot Grant.

      >
      > While none of this has anything to do with JavaScript, it's an interesting
      > question, so I figured I'll take a whack at it.
      >
      > The HTTP standards provide a number of "methods" which can be invoked on the
      > server. GET and POST are by far the most common, but you can also PUT and HEAD
      > the server, as well as a number of other, seldom used, methods that provide
      > other information or functionality to an HTTP client (which may or may not be
      > a browser).
      >
      > A list of methods from 1992 (HTTP 1.0?) is available at <url:
      > http://www.w3.org/Protocols/HTTP/Methods.html />. A list of common HTTP 1.1
      > methods is available at <url:
      > http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html />
      >
      > So while OPTIONS and that particular POST look like they might be caused by
      > Code Red or some other IIS exploit, the methods OPTIONS and POST by themselves
      > mean nothing, since they are perfectly valid requests to make of a web server.
      > A properly configured web server should probably ignore OPTIONS, DELETE, PUT
      > and TRACE (unless you're using WebDAV, in which case I believe you need PUT
      > and DELETE).
      >
      > I think Apache, for example, comes with only GET, HEAD and POST enabled.
      >
      > --
      > | Grant Wagner <gwagner@agrico reunited.com>
      >
      > * Client-side Javascript and Netscape 4 DOM Reference available at:
      > * http://devedge.netscape.com/library/...reference/frames.html
      >
      > * Internet Explorer DOM Reference available at:
      > * http://msdn.microsoft.com/workshop/a...reference_entry.asp
      >
      > * Netscape 6/7 DOM Reference available at:
      > * http://www.mozilla.org/docs/dom/domref/
      > * Tips for upgrading JavaScript for Netscape 7 / Mozilla
      > * http://www.mozilla.org/docs/web-deve...upgrade_2.html
