What are "Microsoft Office Protocol Discovery" and "OfficeLiveConnector" and why do they access invalid URLs?

ms-office
SpliFF picture SpliFF · Nov 10, 2011 · Viewed 42.2k times · Source

I monitor 404s on my sites closely which helps me detect broken links and hacking attempts but I've recently been getting log spam from browsers with these strings in the User Agent. They seem to be trying to scan parent directories of valid resources but directories have special meaning to my sites due to SEO rewriting.

Before I decide what to do about it I'd like to know what these UAs are trying to do and why. If it's just "noise" I'd be happy to drop the connection entirely otherwise if they do something useful I could provide an appropriate response.

I believe some of the requests are from my clients so I can't do anything too disruptive, as much as I'd like to.

Answer

bmm6o picture bmm6o · Nov 10, 2011

Microsoft has a kb article (link currently broken, Internet Archive snapshot) that covers Protocol Discovery in fine detail. Essentially, Office is trying to determine if your server supports WebDAV (or something like it) so that changes the user makes to the Office document can be pushed back directly to the server.

Related questions

What is a correct mime type for docx, pptx etc?

For older *.doc documents this was enough: header("Content-Type: application/msword"); What mime type should I use for new docx documents? Also for pptx and xlsx documents?

Read More
Reading Excel files from C#

Is there a free or open source library to read Excel files (.xls) directly from a C# program? It does not need to be too fancy, just to select a worksheet and read the data as strings. So far, I've …

Read More
Where does VBA Debug.Print log to?

Where does Debug.Print output messages?

Read More