Penetration Testing mailing list archives

RE: HEAD request

From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 11 Sep 2006 15:59:02 -0400

-----Original Message-----
Subject: HEAD request

When I issue HEAD request using nc I don't get any response from the

webserver and I get disconnected

after some time.
What should i conclude from that?Does it mean that the administrator has

blocked HEAD requests?

Probably not.  If the HEAD method is disabled in the web server, it would
normally issue a 405 error.  It sounds more like an in-line proxy control.
The silent drop without error sounds like maybe a Symantec firewall.  Hard
to say without more detail, though.  It's not likely (since HEAD is a pretty
simple request type), but you can't rule out the possibility of a
configuration/code error on the web server itself.

PaulM


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

Current thread:

HEAD request vijay shetti (Sep 10)
- Re: HEAD request berg (Sep 11)
- Re: HEAD request Steffen Wendzel (Sep 11)
- RE: HEAD request StyleWar (Sep 11)
  - RE: HEAD request Sels, Roger (Sep 11)
  - Re: HEAD request Mike Klingler (Sep 11)
- RE: HEAD request Paul Melson (Sep 11)
- <Possible follow-ups>
- RE: HEAD request Ory Segal (Sep 11)
- RE: HEAD request Ory Segal (Sep 11)
- RE: HEAD request Levenglick, Jeff (Sep 11)
- RE: HEAD request balaji . v (Sep 11)
- RE: HEAD request Ory Segal (Sep 11)
  - Re: HEAD request Rogan Dawes (Sep 11)