Support » Plugin: BulletProof Security » [Plugin: BulletProof Security] Your blog doesn't support HTTP HEAD requests (403).

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author AITpro

    (@aitpro)

    If you want to allow HEAD Requests then remove HEAD from this nuisance filter in the Root .htaccess file.

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD requests from bots that you want to allow in certain cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    My choice is not clear #request methods filtered …..

    Thanks for your explanation. I wait your next version

    Plugin Author AITpro

    (@aitpro)

    This is not a problem in the code. This is permanent and will never be changed in BPS – I find junk bots and spam bots a nuisance. If you want to allow junk bots and spam bots to send HEAD Requests to your website then modify the code as I have done below.

    # REQUEST METHODS FILTERED
    # This filter is for blocking junk bots and spam bots from making a HEAD request, but may also block some
    # HEAD requests from bots that you want to allow in certain cases. This is not a security filter and is just
    # a nuisance filter. This filter will not block any important bots like the google bot. If you want to allow
    # all bots to make a HEAD request then remove HEAD from the Request Method filter.
    # The TRACE, DELETE, TRACK and DEBUG request methods should never be allowed against your website.
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
    RewriteRule ^(.*)$ - [F,L]

    I think I do not need to remove (HEAD

    OK , thanks AITpro

    Plugin Author AITpro

    (@aitpro)

    Yep good choice. 😉 You are not going to block any legitimate things by leaving this (only junk and spam bots) and I have no idea why a “site tester” would use HEAD to “check” a website to see if it is up or “working” when you can simply just request a file, which would be a much more accurate test to see if a site is operational. Maybe it is just a lazy coding / checking thing that did not have much thought put into it? Thanks.

    We noticed a similar issue. We use siteuptime.com to monitor our sites and they use head requests, which are being blocked. Would it be possible to allow specific IP’s to make head requests?

    Plugin Author AITpro

    (@aitpro)

    Yeah i guess you could do that by doing this below, but it is actually ok just to remove HEAD from the filter. The worst that happens it you just get a bunch of spam and junk bots sniffing around your website.

    Modify the Request Methods Filter code like this. I have not actually tested this, but in theory it should work. So try it out and let me know if it works. Thanks

    Code Removed. DOH this will kill all referrers LOL
    Give me a minute to come up with something else.

    Plugin Author AITpro

    (@aitpro)

    I’m sure there is some way to do this, but everything i have looked at creates other problems so for now the best solution is just to remove HEAD.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘[Plugin: BulletProof Security] Your blog doesn't support HTTP HEAD requests (403).’ is closed to new replies.