Please forgive if repeat post. What requests should I block?

Client Joined: Jul 18, 2003 Posts: 977

I understand to not block GET or POST but should I block HEAD and SEARCH or any others? I had a registered user get blocked for a HEAD request and I do not even know what that is... I out it in there because I thought I should having read it somewhere. Can someone please clarify these? thanks!

Client Joined: Apr 10, 2004 Posts: 649 Location: UK

I dont understand that part of Sentinel so I dont put anything in mine. Rolling Eyes

I'd be interested to know as well.

New Member Joined: Aug 06, 2004 Posts: 5

i'm having the same problem here Sad

i entered HEAD and SEARCH to the request methods list (as recommended in the tool tip) and some of my visitors are being banned for nothing (i assume)

here's one of the mails i received:

Code:

Date & Time: 2004-08-05 10:48:42


Blocked IP: xxx.xxx.xxx.xxx


User ID: EstherRoth (9853)


Reason: Abuse-Request


String Match: HEAD


--------------------


User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6) Gecko/20040206 Firefox/0.8


Query String: www.url.com/modules.php?name=Forums&file=profile&mode=viewprofile&u=9853


Forwarded For: none


Client IP: none


Remote Address: xxx.xxx.xxx.xxx


Remote Port: 3594


Request Method: HEAD


--------------------


Who-Is for IP


xxx.xxx.xxx.xxx

should i remove HEAD from the list?
which request methods should i ban?
what's HEAD used for? could this alert be a false positive?

well, thanks in advance, and thanks for sentinel, i think iit's working great (though i'm a bit messed with its configuration)

(forgive my english Razz

)

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

I would remove the HEAD requests but leave the Search request. Please keep in mind that it would be impossible to try to explain the HTTP Header's protocol. Try a search on google for HTTP HEAD Request or something similar to understand the meaning. For a brief explanation, A HEAD request and a GET request are similar, except A GET request will return the entire page and a HEAD request will return only the HEADERS. This can be useful in determining if a page has been modified before returning the entire page. It can also be used for mischief, but overall you are probably safe in not banning it. SEARCH, however, I would ban.

Posted: Sat Aug 07, 2004 5:50 am

thanks!

didn't want a complete explanation, yours fits my needs completely Wink

i'm banning now SEARCH, TRACE and DELETE

hope it's correct Razz

thanks again

Posted: Sat Aug 07, 2004 9:15 am

Standard disclaimer Laughing

Your choice of bans is right on!

Posted: Sat Aug 07, 2004 10:29 am

Thanks Raven