On Sat, Oct 02, 2021 at 09:02:39PM +0200, Sebastian Benoit wrote: >[...] > > Indeed, this should be handled better by httpd(8), i think. >
Some more relevant information... RFC 3875 [The Common Gateway Interface (CGI) Version 1.1] in section 4.3.2 HEAD states: The HEAD method requests the script to do sufficient processing to return the response header fields, without providing a response message-body. The script MUST NOT provide a response message-body for a HEAD request. If it does, then the server MUST discard the message-body when reading the response from the script. So scripts *are* violating the CGI specification, but so is the server. If it is decided to that it is the scripts which are at fault, then at least the following (in addition to ftplist.cgi) require attention: cvsweb.openbsd.org man.openbsd.org