What are Microsoft Office Protocol and OfficeLiveConnector discovery and why do they access invalid URLs?

I track 404s on my sites, which helps me detect broken links and hacking attempts, but I recently received spam in the logs with these lines in the User Agent. They seem to be trying to check the parent directories of valid resources, but directories are of particular importance to my sites due to overwriting SEO.

Before deciding what to do with this, I would like to know what these UAs are doing and why. If it was a “noise”, I would be happy to completely abandon this connection, otherwise, if they do something useful, I can provide an appropriate answer.

I believe that some of the requests are from my clients, so I can’t do anything too destructive as I would like.

+45
ms-office
Nov 10 '11 at 1:16
5 answers

Microsoft has a kb article that details protocol discovery. In essence, Office is trying to determine if your WebDAV server (or something like that) supports it so that the changes made by the user to the Office document can be discarded directly to the server.

+22
Nov 10 2018-11-11T00:

On servers that I need to support, this is due to html email using external images hosted on our servers.

It seems that Microsoft Office Outlook clients who use Microsoft Word to edit email (and to view them since 2007) launch these Microsoft Office Protocol Discovery requests.

In my case, websites without any online input, I see it as annoying noise. If your site is a kind of sharing site with document editing capabilities, you cannot consider this request as annoying noise depending on your site implementation.

+10
Jan 30 '12 at 15:39

I host a regular website that is not a website that is not a website. Due to the discovery of the Microsoft Office Protocol, I see many errors from failed requests in my log files. To fix them, I recommend disabling WebDAV style queries by disabling the HTTP methods it uses, starting with OPTIONS. It also improves security by avoiding certain HTTP attacks.

I am using Apache 2.4, I recommend the following in httpd.conf:

    <Location />
        # block HTTP methods: OPTIONS PUT DELETE TRACE CONNECT PATCH
        AllowMethods GET POST HEAD
    </Location>

See Apache 2.4 Link

+5
Feb 13 '13 at 20:59

This worked for me:

    # Intercept Microsoft Office Protocol Discovery
    RewriteCond %{REQUEST_METHOD} ^(OPTIONS|PROPFIND)$ [NC]
    RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ Office\ Protocol\ Discovery [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ Office\ Existence\ Discovery [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Microsoft\-WebDAV\-MiniRedir.*$
    RewriteRule .* - [R=501,L]

+4
Jan 13 '14 at 19:29
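
Added example, not part of any answer on this page: a log triage for the asker's 404 tracking that uses the methods and User-Agent prefixes from the rewrite rule above. It goes one step beyond that rule by also requiring the requested path to be a parent directory of a resource the server actually served, because the User-Agent is client-supplied; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" log format
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)'
                  r'[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Methods and User-Agent prefixes taken from the rewrite rule in the answer above
DISCOVERY_METHODS = {"OPTIONS", "PROPFIND"}
DISCOVERY_UA = ("Microsoft Office Protocol Discovery",
                "Microsoft Office Existence Discovery",
                "Microsoft-WebDAV-MiniRedir")

def parent_dirs(path):
    """/a/b/c.docx -> {'/a/b/', '/a/', '/'}"""
    parts = path.split("?", 1)[0].rstrip("/").split("/")[:-1]
    return {"/".join(parts[:i]) + "/" for i in range(1, len(parts) + 1)}

def triage(lines):
    """Split failed requests into Office discovery noise and entries worth a look."""
    entries = [m.groupdict() for m in map(LINE.match, lines) if m]
    # Parent directories of everything that was served successfully
    served = set().union(*(parent_dirs(e["path"]) for e in entries if e["status"][0] == "2"))
    counts, review = Counter(), []
    for e in entries:
        if e["status"][0] not in "45":
            continue
        office = (e["method"] in DISCOVERY_METHODS
                  and e["ua"].startswith(DISCOVERY_UA))
        # The User-Agent can be spoofed, so also require the expected path pattern
        if office and e["path"].split("?", 1)[0].rstrip("/") + "/" in served:
            counts["office-discovery"] += 1
        else:
            counts["review"] += 1
            review.append((e["ip"], e["method"], e["path"]))
    return counts, review

# Constructed sample log lines (documentation IP ranges), not real traffic
FMT = '{} - - [10/Nov/2011:01:16:00 +0000] "{} {} HTTP/1.1" {} 0 "-" "{}"'
SAMPLE = [FMT.format(*row) for row in [
    ("203.0.113.10", "GET", "/docs/reports/q3.docx", 200, "Mozilla/5.0"),
    ("203.0.113.10", "OPTIONS", "/docs/reports/", 404, "Microsoft Office Protocol Discovery"),
    ("203.0.113.10", "OPTIONS", "/docs/", 404, "Microsoft Office Protocol Discovery"),
    ("203.0.113.10", "PROPFIND", "/docs", 404, "Microsoft-WebDAV-MiniRedir/6.1.7601"),
    ("198.51.100.7", "GET", "/old-page.html", 404, "Mozilla/5.0"),
    ("198.51.100.9", "OPTIONS", "/private/", 404, "Microsoft Office Protocol Discovery"),
]]
```

Calling `triage(SAMPLE)` files the three requests for parents of the served document as discovery noise and leaves the broken link and the discovery-style request for an unrelated directory in the review list.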

I assume that your site is served by a random office document - which is the main cause of this problem. You can probably avoid calls by telling the office so you don’t bother to find out if there’s a possibility of saving.

This can be done by changing the Content-Disposition header in the Serviced Office document. I had this problem when it was configured to:

 Content-Disposition=inline; filename="<my file name>" 

Changing it to Attachment eliminated the calls:

 Content-Disposition=Attachment; filename="<my file name>" 
+2
Nov 16 '16 at 10:29
