This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] HTTP/HTTPS probe

Previous message (by thread): [atlas] HTTP/HTTPS probe
Next message (by thread): [atlas] HTTP/HTTPS probe

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mark Delany f4w at echo.emu.st
Thu Nov 21 19:23:05 CET 2013

On 21Nov13, Richard Barnes allegedly wrote:
> > GET requests should not alter state; if they do, arguably the problem
> > there lies with the design of the faulty website.
> >
> >
> Indeed, that is what the HTTP spec says. But there are a good number of
> fault websites out there, and it seems bad to have Atlas be a tool to
> exploit them.

Agreed. Given the infinite monkeys that have written piblic facing web
services, there is bound to be web sites that use HTTP verbs in weird
and wonderful ways.

But what about using HEAD?

That would serve a lot of monitoring purposes as it can give you
connect time and time to first byte, it doesn't return any content so
the problem of fetching dodgy content is mitigated and the size of the
payload is much more constrained.

Another alternative is to only allow something like the "OPTION" or
"TRACE" verbs.

For those probing their own systems they could implement these VERBs
but even if those VERBS aren't implemented you still get time to first
byte as a consequence of the error returned.

Mark.

Previous message (by thread): [atlas] HTTP/HTTPS probe
Next message (by thread): [atlas] HTTP/HTTPS probe

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]