IDS mailing list archives
RE: robots.txt access rules
From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Thu, 22 Jan 2004 09:52:14 +0200
Hi; Inactive rule, don't put link to your restricted areas, don't put them to robots.txt. If you have to put link to your restricted areas, do it by javascript so spiders can't follow these links. Ferruh.Mavituna http://feruh.mavituna.com PGPKey : http://ferruh.mavituna.com/PGPKey.asc -----Original Message----- From: Federico Petronio [mailto:petrus () activesec biz] Sent: Wednesday, January 21, 2004 4:15 PM To: focus-ids () securityfocus com Subject: robots.txt access rules Hi all... I have installed snort-inline and I am customizing rulesets. My cuestion is about the rule sid:1852 which match accesses to /robots.txt files. The goal of this rule is to not let access to information about sensitive areas of the webserver (which can be use to achive knowledge about restricted areas, etc), but if they are not present Google, etc. would intent to index those areas... So... what shoud I do? Is it better to have that rule active or inactive? The restriccted areas should be RESTRICTED and not just "hidden" so... the rule make no sence? I would like to hear you opions about this... Thanks a lot. -- Federico Petronio petrus () activesec biz --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- robots.txt access rules Federico Petronio (Jan 21)
- Re: robots.txt access rules Mark Blaszczyk (Jan 21)
- RE: robots.txt access rules Ferruh Mavituna (Jan 22)
- Re: robots.txt access rules Krzysztof Zaraska (Jan 22)
- <Possible follow-ups>
- RE: robots.txt access rules Seymour, Keith E. (Jan 22)
- Re: robots.txt access rules James Fields (Jan 22)