RE: HEAD request

From: Sels, Roger (roger.sels@gov-fbi.net)
Date: Sun Sep 10 2006 - 22:47:25 EDT

• Next message: Levenglick, Jeff: "RE: HEAD request"
• Previous message: Ric Messier: "RE: tools to scan source code"
• In reply to: StyleWar: "RE: HEAD request"
• Next in thread: Mike Klingler: "Re: HEAD request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Vijay,

Verify with OPTIONS whether or not the server supports the HEAD directive.
You should get this style of response:

HTTP/1.1 200 OK
Date: Mon, 11 Sep 2006 14:59:16 GMT
Server: Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.7g
Allow: GET,HEAD,POST,OPTIONS,TRACE
Cache-Control: max-age=86400
Expires: Tue, 12 Sep 2006 14:59:16 GMT
Content-Length: 0
Connection: close
Content-Type: text/html

This is the reply from the webserver at www.apache.org by the way. Trying
microsoft.com told me it was an IIS 6.0 but didn't support the OPTIONS
command ;)

Wkr

Roger

On Mon, September 11, 2006 7:23 am, StyleWar wrote:
> I doubt it...Tell us exactly what steps you're using to issue the
> request...
> maybe that will help.
>
> -
>
> StyleWar
>
> "Happiness makes up for in height, what it lacks in length"
>
>> -----Original Message-----
>> From: listbounce@securityfocus.com
>> [mailto:listbounce@securityfocus.com] On Behalf Of vijay shetti
>> Sent: Saturday, September 09, 2006 3:14 AM
>> To: pen-test@securityfocus.com
>> Subject: HEAD request
>>
>> Hello all!!!
>>
>> I am doing assessment of a web server
>>
>> When I issue HEAD request using nc I don't get any response
>> from the webserver and I get disconnected after some time.
>> What should i conclude from that?Does it mean that the
>> administrator has blocked HEAD requests?
>>
>> regards,
>> Vijay
>>
>> --------------------------------------------------------------
>> ----------
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>> http://www.cenzic.com/products_services/download_hailstorm.php
>> --------------------------------------------------------------
>> ----------
>>
>>
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ------------------------------------------------------------------------
>
>

-- 
Life is 10 percent what you make it and 90 percent how you take it. -
Irving Berlin
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

• Next message: Levenglick, Jeff: "RE: HEAD request"
• Previous message: Ric Messier: "RE: tools to scan source code"
• In reply to: StyleWar: "RE: HEAD request"
• Next in thread: Mike Klingler: "Re: HEAD request"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:56 EDT