RE: reverse proxy identification
- From: "Paul Melson" <pmelson@xxxxxxxxx>
- Date: Mon, 15 Jan 2007 11:55:54 -0500
-----Original Message-----
Subject: reverse proxy identification
When I browse to the IPs with firefox, I recieve several messages "No website is configured at this
address." for some IP.proxy/web server product ?
Does anybody here know if this message is specific to a given reverse
That's an IIS message.
For evidence of a reverse proxy - particularly one that's doing app
firewalling - look for it to block stuff that's attack-like. For instance:
Request: /sexpistols.asp?track=god%20save%20the%20queen
Response: 200
Request: /sexpostols.asp?track=anarchy/../in/../the/../uk
Response: 302, 404, or some other response that suggests the app never saw
your request
If you're using Nessus, recent versions will often report the presence of
urlscan when a web app 'firewall' is in front of the actual web server.
PaulM
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- References:
- reverse proxy identification
- From: sami ghourabi
- reverse proxy identification
- Prev by Date: SV: Community Rainbow Tables downloading
- Next by Date: RE: Mile2 Training (Certifications)
- Previous by thread: Re: reverse proxy identification
- Next by thread: Re: reverse proxy identification
- Index(es):
Relevant Pages
|
