1

I have an issue where the web host company is sending header only requests to the server which is then trying to be 'kind' and action them... request data;

 10.252.237.56 - - [29/Mar/2013:15:25:48 +1100] "HEAD / HTTP/1.1" 200 942

How do I detect this in PHP and stop is being passed to the user side of things.

Larry

Larry
  • 13
  • 2
  • Possible duplicate of http://stackoverflow.com/questions/1538065/find-out-http-method-in-php – cutsoy Apr 07 '13 at 08:33

1 Answers1

2
$_SERVER['REQUEST_METHOD']

You can compare this to "HEAD", obviously, and stop your script when they equal.

However, I think the only reason you should want this is performance (though I don't think these requests generate any load at all). From a security standpoint, HEAD requests should not do any harm to your application. You should use authentication, sessions, etc. in order to verify the authenticity of the request. Disabling your web host company from sending these requests won't prevent others from calling a simple GET / (or PUT or some other method that's not implemented).

cutsoy
  • 10,127
  • 4
  • 40
  • 57
  • If you want to block only head requests from your webhost you can also compare the IP addresses of course. – cutsoy Apr 07 '13 at 08:40
  • Can't pick by the ip address as everything is behind load balancers that use the same ip as real requests. Yes we do session but that is the problem the empty request looks like a new session so it causes one to be created. They are doing these polls multiple times a second so being able to 'see' it is a poll and ignore it would be quite helpful. – Larry Apr 07 '13 at 22:27
  • Depending on what platform you're building on, you could set up your health check to look for a different URL (e.g. `/health`). Or you can check for `X-Forwarded-For` headers. – cutsoy Apr 08 '13 at 11:53