>>>>> On 2007-03-05 13:24 PST, Joe Orton writes:

Joe> On Mon, Mar 05, 2007 at 09:33:56PM +0100, Ruediger Pluem wrote:
>> On 03/03/2007 05:47 AM, Karl Chen wrote:
>> present. Also
>> other issues like noise in the log file. I've also seen
>> people complaining that "GET /" might incur the cost of
>> dynamic content generation for /.
>>
>> Hm. Just thinking aloud. Can we avoid this if we replace GET
>> / with OPTIONS /?
Joe> Doing "OPTIONS *" as Bill notes is probably the best
Joe> option available for the dummy connection, though it will
Joe> still be confusing for users (possibly more confusing,
Joe> since that request is rarely if ever seen "in the wild").

Thanks for the input everyone and pointers to the bugzilla issues.

"OPTIONS *" is a definite improvement over "GET /" for performance.

What about the NOOP idea? If the connection could be reliably detected to be coming from [EMAIL PROTECTED], would there still be a risk of an attack going unnoticed? It seems reasonable to elide those messages by default, or at least write them to a different log file. I'd say the risk of a real attack getting drowned in noise is currently higher than a kernel that allows spoofing TCP connections from localhost.

Apache could also look at the srcport to check that it's coming from the httpd process+user. And it could create a nonce at startup and only elide messages with the proper nonce. Lots of ways to authenticate yourself to yourself :)

--
Karl 2007-03-16 19:18
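A sketch of the "authenticate yourself to yourself" check Karl floats above, as an added example that is not code from this thread or from httpd: a request is treated as the server's own wake-up connection only if it is "OPTIONS *", arrives from a loopback address, and carries the nonce generated at startup. The header name, the parser and the Python shape are assumptions for illustration.

```python
import hmac
import ipaddress
import secrets

# Hypothetical header carrying the per-start nonce (assumption, not an httpd header).
NONCE_HEADER = "x-httpd-dummy-nonce"


def make_startup_nonce() -> str:
    """Nonce generated once per server start; only the parent and its children know it."""
    return secrets.token_hex(16)


def parse_request(raw: bytes):
    """Minimal HTTP/1.x request-head parser: returns (method, target, headers) or None."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def is_dummy_connection(raw: bytes, peer_ip: str, nonce: str) -> bool:
    """True only for the server's own wake-up request: OPTIONS *, from loopback,
    carrying the startup nonce. Anything else is logged as usual, so a real
    probe that merely copies the request line is not elided."""
    parsed = parse_request(raw)
    if parsed is None:
        return False
    method, target, headers = parsed
    if (method, target) != ("OPTIONS", "*"):
        return False
    try:
        if not ipaddress.ip_address(peer_ip).is_loopback:
            return False
    except ValueError:
        return False
    # Constant-time compare so the nonce cannot be guessed a character at a time.
    return hmac.compare_digest(headers.get(NONCE_HEADER, ""), nonce)
```

A source-port or peer-credential check would slot in beside the loopback test; the nonce is what distinguishes the server's own connection from any other local process.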