I'm seeing entries in my Apache logs like the following
178.216.185.210 - - [24/Feb/2014:11:46:40 -0500] "COOK /freesearch.php?portal=0a9&... HTTP/1.0" 303 589 "-" "Mozilla/4.0 (compatible; Synapse)"
with COOK in place of the usual GET or POST.
I've tried a variety of search terms and can't find any info on what this might be. I've also Googled the user-agent string and discovered that it is likely a script built with Ararat Synapse. And judging by the other requests made with that user-agent string, this is someone who is up to no good.
So is this just some made up request method?
How does Apache handle unknown request methods? The response status code for all COOK requests is logged as 303. So is Apache saying See Other and just providing the same URI? I don't see another hit from same IP, so I am assuming response is simply logged or ignored. They probably come back later from another IP.
So my script is never run, correct?
Best Answer
It's not a method defined in any HTTP standards, that's for sure. Probably some 'custom' methods implemented by proprietary webservers.
Since it's an unknown method, Apache shouldn't execute anything. According to Wikipedia's article on HTTP 303, and I quote:
so basically Apache is telling the client to retry the request using the GET method.