On Tue, Aug 23, 2011 at 02:15:16PM +0200, Lazy wrote:
2011/8/23 Stefan Fritsch <[email protected]>:
> http://seclists.org/fulldisclosure/2011/Aug/175
>
> I haven't looked into it so far. And I am not sure I will have time today.
>
it is sending HEAD requests with lots of ranges
HEAD / HTTP/1.1
Host: xxxx
Range:bytes=0-,5-1,5-2,5-3,.....
…
does Range in HEAD request have any sense at all?
One /possible/ use is as an equivalent for a conditional GET, ie
GET / HTTP/1.1
Host: xxx
Range: bytes=1024-
If-Range: "foo"
…to which the correct response should I think be either 200 or 206 depending
on whether the document is modified.
But it's a pretty odd case. I can't imagine any published client or proxy
that would make such a request. It would in any case be acceptable to
return a 200 response instead; RFC 2616 states that "A server MAY ignore
the Range header".
Tim Bannister
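
An added example, not part of the thread: a sketch of how a server could use the RFC 2616 allowance quoted above, parsing the byte-range set and falling back to a full 200 response when the set is invalid or unreasonably long. `MAX_RANGES`, the function names and the merge-before-serving policy are assumptions made for this illustration.

```python
import re

MAX_RANGES = 5  # assumed policy limit, not a value from the thread
_SPEC = re.compile(r"(\d*)-(\d*)")

def parse_ranges(value, size):
    """Parse a Range header value against an entity of `size` bytes (> 0).
    Returns a list of (first, last) pairs, or None if the header must be ignored."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    out = []
    for spec in specs.split(","):
        m = _SPEC.fullmatch(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None                      # malformed spec
        first, last = m.groups()
        if not first:                        # suffix form "-N": final N bytes
            if int(last) > 0:
                out.append((max(size - int(last), 0), size - 1))
        elif last and int(last) < int(first):
            return None                      # RFC 2616 14.35.1: invalid set, ignore header
        elif int(first) < size:              # specs starting past the end are dropped
            out.append((int(first), min(int(last), size - 1) if last else size - 1))
    return out

def merge(ranges):
    """Coalesce overlapping or adjacent ranges so no byte is served twice."""
    merged = []
    for first, last in sorted(ranges):
        if merged and first <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], last))
        else:
            merged.append((first, last))
    return merged

def decide(value, size):
    """Return (status, ranges): 200 ignores Range, 206 serves merged ranges,
    416 when no requested range is satisfiable."""
    ranges = parse_ranges(value, size)
    if ranges is None or len(ranges) > MAX_RANGES:
        return 200, None                     # "A server MAY ignore the Range header"
    if not ranges:
        return 416, None
    merged = merge(ranges)
    if merged == [(0, size - 1)]:
        return 200, None                     # request covers the whole entity anyway
    return 206, merged
```
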