Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Wed Aug 04, 2004 8:32 am Reply with quote

I understand to not block GET or POST but should I block HEAD and SEARCH or any others? I had a registered user get blocked for a HEAD request and I do not even know what that is... I out it in there because I thought I should having read it somewhere. Can someone please clarify these? thanks!
 
View user's profile Send private message Visit poster's website
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Wed Aug 04, 2004 8:36 am Reply with quote

I dont understand that part of Sentinel so I dont put anything in mine. Rolling Eyes

I'd be interested to know as well.

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
raul2010
New Member
New Member


Joined: Aug 06, 2004
Posts: 5

PostPosted: Fri Aug 06, 2004 2:10 pm Reply with quote

i'm having the same problem here Sad

i entered HEAD and SEARCH to the request methods list (as recommended in the tool tip) and some of my visitors are being banned for nothing (i assume)

here's one of the mails i received:
Code:
Date & Time: 2004-08-05 10:48:42

Blocked IP: xxx.xxx.xxx.xxx
User ID: EstherRoth (9853)
Reason: Abuse-Request
String Match: HEAD
--------------------
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
Query String: Only registered users can see links on this board! Get registered or login!
Forwarded For: none
Client IP: none
Remote Address: xxx.xxx.xxx.xxx
Remote Port: 3594
Request Method: HEAD
--------------------
Who-Is for IP
xxx.xxx.xxx.xxx


should i remove HEAD from the list?
which request methods should i ban?
what's HEAD used for? could this alert be a false positive?

well, thanks in advance, and thanks for sentinel, i think iit's working great (though i'm a bit messed with its configuration)

(forgive my english Razz )
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Fri Aug 06, 2004 7:52 pm Reply with quote

I would remove the HEAD requests but leave the Search request. Please keep in mind that it would be impossible to try to explain the HTTP Header's protocol. Try a search on google for HTTP HEAD Request or something similar to understand the meaning. For a brief explanation, A HEAD request and a GET request are similar, except A GET request will return the entire page and a HEAD request will return only the HEADERS. This can be useful in determining if a page has been modified before returning the entire page. It can also be used for mischief, but overall you are probably safe in not banning it. SEARCH, however, I would ban.
 
View user's profile Send private message
raul2010
PostPosted: Sat Aug 07, 2004 5:50 am Reply with quote

thanks!

didn't want a complete explanation, yours fits my needs completely Wink

i'm banning now SEARCH, TRACE and DELETE

hope it's correct Razz

thanks again
 
Raven
PostPosted: Sat Aug 07, 2004 9:15 am Reply with quote

Standard disclaimer Laughing

Your choice of bans is right on!
 
Muffin
PostPosted: Sat Aug 07, 2004 10:29 am Reply with quote

Thanks Raven
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©