-1

I was getting tired of seeing piles of series of partial content 206 requests in my logs, most likely from pdf read-while-loading browsers. So I set "accept-ranges none". The number of 206's went WAY down after that. But there still are a few, occasionally. Why? Maybe I misunderstood, but I thought that setting told the client that it had to grab the whole resource at one time.

I guess I'm wondering why, if partial content requests are supposed to be rejected, how is it that some such requests manage to get through?

user618
  • 101
  • 2

1 Answers1

0

How exactly are you setting "accept-ranges none"?

If I theory craft for a moment, The server sends the header to the client browser after a request is received. If the content-range request is the first received, the browser does not KNOW what headers you will and won't accept. It blindly sends the partial request and your Apache instance handles it as requested.

Alternatively, the browser may not respect your accept-ranges header (although your observations suggest that the vast majority do).

If you are looking to disable the behavior server side something like:

RewriteEngine On
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 3
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*-[0-9]*)+
RewriteRule .* - [F]

Might help out. See the below link for more details:

https://bechtsoudis.com/hacking/use-mod_rewrite-to-protect-from-apache-killer/

Daniel Widrick
  • 3,418
  • 2
  • 12
  • 26
  • The way I did it is pretty simple. I just put "Header set Accept-Ranges none" in my .htaccess file. As you note, the vast majority of my clients seem to be obeying that. But a few don't. Your suggestion that my server is just suggesting to the client that we don't want partial requests is an interesting one. The client may or may not obey that request. Perhaps of some significance is that when I look at a random subset of the IPs that are still being served partials from my U.S. site, they are *all* international. Korea, China, Denmark. Your server-disable command set looks intriguing. – user618 Feb 25 '14 at 19:10
  • I should note that when I look at the header supplied by my server, there is no "Accepted-Ranges" specified. In searching around, I see references to "Accepted-Ranges" as the server advising the client how it would like to serve the resource. That would suggest that you're correct. I'm not telling people I can do partial serves, which should be interpreted as a request not to ask for them. But clients can ignore that implicit request. I do find it curious that there is no simple way to disable partial serves. – user618 Feb 26 '14 at 00:45
  • Well, I tried that Rewrite code in my .htaccess file. I still get 206 requests. Not clear that did anything at all. Yes, what I need is a server-side disabling of Range access. – user618 Mar 01 '14 at 18:23
  • well apache is open source... i would personally just ignore the requests. Block any problems another way. – Daniel Widrick Mar 01 '14 at 23:20