我在 RHEL 系统上运行 Apache/2.2.15 (Unix)。我的 LAMP 在本地主机上运行。
我想检查 HTTP 方法是否:
- 邮政
- 得到
- 放
- 删除
被允许并启用。
我读到过可以用 netcat 或 telnet 检查它们https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
当我尝试 netcat 时,我得到的结果如下:
[root@joseph ~]# nc localhost 80
OPTIONS / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Fri, 15 Sep 2017 20:17:12 GMT
Server: Apache/2.2.15 (Red Hat)
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at 127.0.0.1 Port 80</address>
</body></html>
当我尝试 telnet 时,我得到的结果如下:
[root@joseph ~]# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
OPTIONS / HTTP/1.0
Host localhost
HTTP/1.1 400 Bad Request
Date: Fri, 15 Sep 2017 19:48:30 GMT
Server: Apache/2.2.15 (Red Hat)
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at 127.0.0.1 Port 80</address>
</body></html>
Connection closed by foreign host.
我理解收到“400 错误请求”可能是由于语法错误https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
但是当我只是发送 telnet 或 netcat 命令时,怎么会这样呢?
答案1
nc您的尝试和尝试均未telnet提供有效的 HTTPHost请求标头。不允许发送没有此标头的 HTTP/1.1 请求,并且必须使用 400 Bad Request 响应拒绝此类请求。
在第一种情况下,它缺失了,而在第二种情况下,它确实是畸形的。
该标题应显示为:
Host: localhost