BulletProof Security
[resolved] Your blog doesn't support HTTP HEAD requests (403). (9 posts)

  1. edyzen
    Member
    Posted 2 years ago #

    Hi, after installing and activating this plugin, I got some messages from ismyblogworking.com:

    Your blog is broken
    Your blog doesn't support HTTP HEAD requests (403).

    Your feed doesn't support HTTP HEAD requests (403).

    My blog is http://www.propertipilihan.com

    For security, I don't know whether these messages are good or not.
    I need your suggestion. Thanks.

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    If you want to allow HEAD Requests then remove HEAD from this nuisance filter in the Root .htaccess file.

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD requests from bots that you want to allow in certain cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

  3. edyzen
    Member
    Posted 2 years ago #

    My choice is not clear #request methods filtered .....

    Thanks for your explanation. I will wait for your next version.

  4. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    This is not a problem in the code. This is permanent and will never be changed in BPS - I find junk bots and spam bots a nuisance. If you want to allow junk bots and spam bots to send HEAD Requests to your website then modify the code as I have done below.

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD requests from bots that you want to allow in certain cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

  5. edyzen
    Member
    Posted 2 years ago #

    I think I do not need to remove (HEAD

    OK, thanks AITpro

  6. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yep good choice. ;) You are not going to block any legitimate things by leaving this (only junk and spam bots) and I have no idea why a "site tester" would use HEAD to "check" a website to see if it is up or "working" when you can simply just request a file, which would be a much more accurate test to see if a site is operational. Maybe it is just a lazy coding / checking thing that did not have much thought put into it? Thanks.

  7. Diesel12
    Member
    Posted 2 years ago #

    We noticed a similar issue. We use siteuptime.com to monitor our sites and they use HEAD requests, which are being blocked. Would it be possible to allow specific IPs to make HEAD requests?

  8. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    Yeah, I guess you could do that by doing this below, but it is actually OK just to remove HEAD from the filter. The worst that happens is you just get a bunch of spam and junk bots sniffing around your website.

    Modify the Request Methods Filter code like this. I have not actually tested this, but in theory it should work. So try it out and let me know if it works. Thanks

    Code Removed. DOH this will kill all referrers LOL
    Give me a minute to come up with something else.

  9. AITpro
    Member
    Plugin Author

    Posted 2 years ago #

    I'm sure there is some way to do this, but everything I have looked at creates other problems, so for now the best solution is just to remove HEAD.
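
One way to express the per-IP exception asked about in post 7, as an added example that is not from the plugin author or BulletProof Security and has not been tested against the plugin's full .htaccess file. The two addresses are placeholders from the documentation ranges; replace them with the addresses your monitoring service publishes.

```apache
# REQUEST METHODS FILTERED (variant with a HEAD allowlist)
RewriteEngine On

# Rule 1: TRACE, DELETE, TRACK and DEBUG stay blocked for every client,
# exactly as in the filter shown in the thread.
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule ^(.*)$ - [F,L]

# Rule 2: HEAD is blocked unless the client address is on the allowlist.
# Consecutive RewriteCond lines are ANDed, so the 403 is returned only when
# the method is HEAD AND the address matches none of the listed monitors.
# 203.0.113.10 and 198.51.100.25 are placeholder addresses (assumption).
RewriteCond %{REQUEST_METHOD} ^HEAD [NC]
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.25$
RewriteRule ^(.*)$ - [F,L]
```

If the site sits behind a reverse proxy or CDN, `%{REMOTE_ADDR}` holds the proxy's address rather than the monitor's, so the allowlist will not match as written. Only the request method and client address are tested here, so referrers and other headers are not affected by these rules.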
