robots.txt access rules
From: Federico Petronio (petrus_at_activesec.biz)
Date: 01/21/04
- Previous message: SecurIT Informatique Inc.: "Release : LogIDS 2.2 and LogAgent 5.2"
- Next in thread: Mark Blaszczyk: "Re: robots.txt access rules"
- Reply: Mark Blaszczyk: "Re: robots.txt access rules"
- Reply: Ferruh Mavituna: "RE: robots.txt access rules"
- Reply: Krzysztof Zaraska: "Re: robots.txt access rules"
- Maybe reply: Seymour, Keith E.: "RE: robots.txt access rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jan 2004 11:14:58 -0300 To: focus-ids@securityfocus.com
Hi all...
I have installed snort-inline and I am customizing rulesets.
My cuestion is about the rule sid:1852 which match accesses to
/robots.txt files. The goal of this rule is to not let access to
information about sensitive areas of the webserver (which can be use to
achive knowledge about restricted areas, etc), but if they are not
present Google, etc. would intent to index those areas... So... what
shoud I do? Is it better to have that rule active or inactive? The
restriccted areas should be RESTRICTED and not just "hidden" so... the
rule make no sence?
I would like to hear you opions about this... Thanks a lot.
--
Federico Petronio
petrus@activesec.biz
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: SecurIT Informatique Inc.: "Release : LogIDS 2.2 and LogAgent 5.2"
- Next in thread: Mark Blaszczyk: "Re: robots.txt access rules"
- Reply: Mark Blaszczyk: "Re: robots.txt access rules"
- Reply: Ferruh Mavituna: "RE: robots.txt access rules"
- Reply: Krzysztof Zaraska: "Re: robots.txt access rules"
- Maybe reply: Seymour, Keith E.: "RE: robots.txt access rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
