B4J Question Jetty Server - HEAD request & error piping

[hatzisn]

Good morning everyone,

I have a double question to ask. Let's start with the first:

1) I have a B4J app running in a Docker container and today I saw this in the logs. I googled about the HEAD request and it mentions that it returns the same information with GET but with no body to the request. What should I make out of this request log? What did the client requested? I cannot see the requesting address as it gets reverse proxied and the 172.19.X.X is the address of the container of Nginx Proxy Manager. Can somebody make out anything from this?

172.19.X.X - - [06/Dec/2022:02:28:09 +0000] "HEAD / HTTP/1.1" 200 1 "-" "Go-http-client/1.1"
172.19.X.X - - [06/Dec/2022:02:28:11 +0000] "HEAD / HTTP/1.1" 200 1 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36"
172.19.X.X - - [06/Dec/2022:02:28:12 +0000] "GET / HTTP/1.1" 200 1 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36"

2) In .net, in WebForms there is the Global.asax file which is the global handler. If something goes wrong with the page then it passes the information to this file and you can send it with e-mail to your e-mail. I searched in the forum for something relevant and the only thing I found was the handling of custom errors but this does not pass the querystring requested as in a .net handler (.asax) so you can figure out what the client requested. Is there something like this available in jettyserver? Further more you do not get the chance as in .asax to pipe all errors into this file in order to mention a caught error to you.

 

[drgottjr]

head is an inexpensive way to find out about some
servier that you're looking to hack, i mean,
connect with.

the caller's ip address - if not spoofed - should
be available in nginx's logs. but it will probably
only tell you the address of the last proxy being
used by the caller (from within a chain of proxies).

head is a valid http request of and by itself;
there is no other "request" attached to it. it's simply
one of the many, many probes for an outward-
facing server.

 

[Erel]

1. I'm using HEAD requests in all kinds of situations where you just want to learn about the remote resource. I guess that these requests were sent by the browser for some reason.

2. You can create an error handler instead of a static page, and let it write the error to a file: https://www.b4x.com/android/forum/threads/server-custom-error-pages.38812/#content
I'm not sure whether you will be able to get all the information directly. Maybe you can store the parameters in the http session when the original handler starts and check it from the error handler.

 

[hatzisn]

Thanks a lot.