robots.txt access rules

From: Federico Petronio (petrus_at_activesec.biz)
Date: 01/21/04

  • Next message: Mark Blaszczyk: "Re: robots.txt access rules"
    Date: Wed, 21 Jan 2004 11:14:58 -0300
    To: focus-ids@securityfocus.com
    
    

    Hi all...

    I have installed snort-inline and I am customizing rulesets.

    My cuestion is about the rule sid:1852 which match accesses to
    /robots.txt files. The goal of this rule is to not let access to
    information about sensitive areas of the webserver (which can be use to
    achive knowledge about restricted areas, etc), but if they are not
    present Google, etc. would intent to index those areas... So... what
    shoud I do? Is it better to have that rule active or inactive? The
    restriccted areas should be RESTRICTED and not just "hidden" so... the
    rule make no sence?

    I would like to hear you opions about this... Thanks a lot.

    -- 
                                             Federico Petronio
                                             petrus@activesec.biz
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Mark Blaszczyk: "Re: robots.txt access rules"