Reputation: 3728
If I am making an HTTP server, can I choose to ignore requests I don't want to respond to and let them time out?
I'm just wondering whether I am in any sense better off not responding to requests from potentially malicious sources than responding to them with data I'd rather not serve up, or responding with some 403 Forbidden or similar response that lets them know I exist.
Upvotes: 4
Views: 557
Reputation: 4006
A 403 should suffice. But I wouldn't let it just time out. If someone is trying to be cheeky, a timeout will be more informative than a Service Unavailable 503.
I answered a relevant question a while back; read the question/answer. It's about a specific use case, but it does mention cases where you don't want to return an HTTP status code because it gives too much info.
RFC - 404 or 400 for relation of entity not found in PUT request
Also have a look at this list of HTTP Status codes; you can always use something like Too Many Requests 429, a Not Acceptable 406 or even something like I'm a teapot 418 ;)
Upvotes: 1
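The approach suggested in the answer above (always answer unwanted requests with a 403 or 429 instead of letting them time out), as an added example that is not part of the original posts. The denied network, the rate-limit window and limit, and the names `decide` and `Handler` are assumptions made for illustration.

```python
import ipaddress
import time
from collections import defaultdict, deque
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample policy (documentation address range from RFC 5737).
DENIED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
WINDOW_SECONDS = 10   # assumed rate-limit window
MAX_REQUESTS = 5      # assumed number of requests allowed per window
_hits = defaultdict(deque)  # client IP -> timestamps of recently allowed requests


def decide(client_ip, now=None):
    """Return (status, extra_headers); every request gets an answer, never a stall."""
    now = time.monotonic() if now is None else now
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in DENIED_NETS):
        return 403, {}
    recent = _hits[client_ip]
    while recent and now - recent[0] >= WINDOW_SECONDS:
        recent.popleft()  # forget hits that have left the window
    if len(recent) >= MAX_REQUESTS:
        # Seconds until the oldest hit expires, rounded up conservatively.
        retry = int(WINDOW_SECONDS - (now - recent[0])) + 1
        return 429, {"Retry-After": str(retry)}
    recent.append(now)
    return 200, {}


class Handler(BaseHTTPRequestHandler):
    server_version = "httpd"  # do not advertise the Python version
    sys_version = ""

    def do_GET(self):
        status, headers = decide(self.client_address[0])
        body = b"ok\n" if status == 200 else b""  # refusals carry no detail
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```
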