HTTP Protocol Question regarding message types HEAD and OPTIONS
I have found some rather disturbing messages built into the HTTP protocol like
I say disturbing because it is a security nightmare isn't it?
I had thought that the HEAD /page.html HTTP/1.1
request command would be harmless enough but then I came across: http://apache-range-exploit.com/
There is also supposed to be an OPTIONS request message that also fails to work on Apache servers.
Can anyone comment on this odd RFC 1226?