views:

81

answers:

2

On my site I have a very basic setup: an 'a href' tag that just points to a file. Nothing fancy:

<a href="/path/to/my/file.doc">File</a>

No fancy javascript, nothing. Some users who are using old IE versions less than 8 have been having spotty problems downloading different files like this. What I've been able to trace it back to is that IE will send an OPTIONS request for the file (and even then not all the time). Since I'm not running a Webdav server, I had mod_security set at the default to reject those non-normal header, so it returns a 500 response.

IE8, Firefox, and Chrome do not do an OPTIONS request and therefore never have a problem.

Do I need to set something up differently on my end to IE stop sending an OPTIONS request and just a standard GET request?

Running:

  • CentOS 5.3
  • Apache 2.2.8
  • mod_security 2.5.0
A: 

Why 500 SERVER ERROR? Why not 405 Method Not Allowed? (See RFC2616 10.4.3)

Moose Morals
Dunno, that's a better question for the mod_security team. That's the stock rule
dragonmantank
A: 

At some point I found an article that said that IE will send the OPTIONS request on direct file downloads as just part of how it functions.

dragonmantank