This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ripe-atlas@ripe.net/
[atlas] HTTP/HTTPS probe
- Previous message (by thread): [atlas] HTTP/HTTPS probe
- Next message (by thread): [atlas] HTTP/HTTPS probe
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mark Delany
f4w at echo.emu.st
Thu Nov 21 19:23:05 CET 2013
On 21Nov13, Richard Barnes allegedly wrote: > > GET requests should not alter state; if they do, arguably the problem > > there lies with the design of the faulty website. > > > > > Indeed, that is what the HTTP spec says. But there are a good number of > fault websites out there, and it seems bad to have Atlas be a tool to > exploit them. Agreed. Given the infinite monkeys that have written piblic facing web services, there is bound to be web sites that use HTTP verbs in weird and wonderful ways. But what about using HEAD? That would serve a lot of monitoring purposes as it can give you connect time and time to first byte, it doesn't return any content so the problem of fetching dodgy content is mitigated and the size of the payload is much more constrained. Another alternative is to only allow something like the "OPTION" or "TRACE" verbs. For those probing their own systems they could implement these VERBs but even if those VERBS aren't implemented you still get time to first byte as a consequence of the error returned. Mark.
- Previous message (by thread): [atlas] HTTP/HTTPS probe
- Next message (by thread): [atlas] HTTP/HTTPS probe
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]