I’m running Apache/2.2.15 (Unix) on a RHEL system. My LAMP is running on localhost.
I want to check if the HTTP methods:
- POST
- GET
- PUT
- DELETE
are allowed and enabled.
I’ve read that they can be checked with netcat or telnet https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
When I try netcat, this is what I get:
[root@joseph ~]# nc localhost 80
OPTIONS / HTTP/1.1
HTTP/1.1 400 Bad Request
Date: Fri, 15 Sep 2017 20:17:12 GMT
Server: Apache/2.2.15 (Red Hat)
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at 127.0.0.1 Port 80</address>
</body></html>
When I try telnet, this is what I get:
[root@joseph ~]# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
OPTIONS / HTTP/1.0
Host localhost
HTTP/1.1 400 Bad Request
Date: Fri, 15 Sep 2017 19:48:30 GMT
Server: Apache/2.2.15 (Red Hat)
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.2.15 (Red Hat) Server at 127.0.0.1 Port 80</address>
</body></html>
Connection closed by foreign host.
I understand that getting a "400 Bad Request" can be due to malformed syntax https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
But when I’m just sending telnet or netcat commands, how could that be?
