Salaam!
Rick Mallett wrote:
> ... it seems to me that the purpose of the FAILURE report is > to show references to files that don't exist ...
Actually its purpose is to show all requests that failed for any reason, although it appears not to show (at least) 416 errors.
> A status code of 405 on a PROPFIND means "Method Not Allowed" ...
A Google search disclosed the following very informative page on HTTP error codes:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html including:
405 Method Not Allowed
The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.
It appears that this error code is returned when the resource is available, but the request for it has failed.
> and I don't think this should be treated the same as a 404 on a GET
The client process may treat it differently by substituting the appropriate method from the list returned with the error code.
Analog treats it as a failure, which it is. That is to say, in Analog it appears in the proper report, and is listed below the pie chart by error code in the Status Report. Note that it is NOT saying the page is not present ~ the Failure Report quite explicitly lists "failed requests," not "missing pages."
This is also true of other error codes that appear in the Status Report: 401 Unauthorized, 403 Forbidden, 406 Not Acceptable, 410 Gone, etc.
> ... it bloats the FAILURE report IMO and it's misleading to see > a failed request against a file that you know does exist and is > GETable.
I would prefer to see all the 400-series codes in both the Failure Report and the Status Report, and all the 500-series codes as well.
> OTOH the fact that I can choose to ignore these requests using > "STATUSEXCLUDE 405" would seem to support the argument that its not > a bug, its a feature, but I think that might be worth reviewing, and > at the very least commenting on in the documentation.
Perhaps a paragraph or two of the following can become "commenting on in the documentation":
"Failure" error codes can show problems with the server or the file requested, and can also show attempts to attack the server. "403 Forbidden" is an attempt to access a restricted file. "405 Method Not Allowed" may flag an attempt to load a page for remote modification, or an attempt to misuse an .asp, .cgi. .php, or other active file. 413 and 414 errors are even more likely to flag a Denial of Service attack on the server. Requests for non-existent scripting pages often flag attempts to use the server for spam mailings. All of these are properly listed under the "Failure Report" and can be distinguished by comparison with the "Status Code Report" along with familiarity with the site structure and content.
I use a number of nonexistent files to identify individual pages and collections of pages. A "Failure Report" entry of /lf/sc/sanitized.css identifies the previously-hidden pages comprising the LibertyForum.org "Star Chamber" episode ~ now archived with an introduction at http://www.muslimamerica.net/lf/wrs.htm and quite unpopular with the "in" crowd at Liberty Forum. The entry for /css/default.css identifies censored FreeRepublic.com Threads, archived with an introduction at http://www.muslimamerica.net/mp/framed.htm and usually found through search engines. (FreeRepublic.com and LibertyForum.org deceptively represent themselves as "free speech" political discussion forums.)
On the other hand, Failure Report entries of /msoffice/cltreq.asp, /_vti_bin/owssvr.dll, anything resembling */mail.cgi, and other such requests for active pages, may be (and in some cases obviously are) attack attempts.
The Failure Report also lists missing pages, links on the site's pages erroneously pointing to the server (usually from imported pages containing unrectified links pointing to other servers), and links that the case-sensitive server software doesn't rectify ~ which is a real problem where a page has been linked properly in some places and improperly in others.
But I'm still wondering how the Redirection Report can show .gif files that are present where they're supposed to be ...
> - rick
was-salaam, abujamal -- astaghfirullahal-ladhee laa ilaha illa howal-hayyul-qayyoom wa 'atoobu 'ilaihi
Rejoice, muslims, in martyrdom without fighting, a Mercy for us. Be like the better son of Adam.
+------------------------------------------------------------------------ | TO UNSUBSCRIBE from this list: | http://lists.meer.net/mailman/listinfo/analog-help | | Usenet version: news://news.gmane.org/gmane.comp.web.analog.general | List archives: http://www.analog.cx/docs/mailing.html#listarchives +------------------------------------------------------------------------
