1

I have an issue where the web host company is sending header only requests to the server which is then trying to be 'kind' and action them... request data;

 10.252.237.56 - - [29/Mar/2013:15:25:48 +1100] "HEAD / HTTP/1.1" 200 942

How do I detect this in PHP and stop is being passed to the user side of things.

Larry

Improve this question
1

1 Answer 1

Reset to default
2 
$_SERVER['REQUEST_METHOD']

You can compare this to "HEAD", obviously, and stop your script when they equal.

However, I think the only reason you should want this is performance (though I don't think these requests generate any load at all). From a security standpoint, HEAD requests should not do any harm to your application. You should use authentication, sessions, etc. in order to verify the authenticity of the request. Disabling your web host company from sending these requests won't prevent others from calling a simple GET / (or PUT or some other method that's not implemented).

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

If you want to block only head requests from your webhost you can also compare the IP addresses of course.
Can't pick by the ip address as everything is behind load balancers that use the same ip as real requests. Yes we do session but that is the problem the empty request looks like a new session so it causes one to be created. They are doing these polls multiple times a second so being able to 'see' it is a poll and ignore it would be quite helpful.
Depending on what platform you're building on, you could set up your health check to look for a different URL (e.g. /health). Or you can check for X-Forwarded-For headers.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.