IDS mailing list archives

Re: robots.txt access rules


From: "Mark Blaszczyk" <mark () diversit com au>
Date: Thu, 22 Jan 2004 10:10:31 +0800

Greetings Federico,
 
I don't believe that the rule has no purpose. I agree that it could be very
trivial on restricted/hidden folders/files, but at least it will give some
sort of indication of someone poking around. And you never know when you may
overlook permissions either.
 
Kind Regards,
 
Mark Blaszczyk.
 
www.diversit.com.au
 
 
-------Original Message-------
 
From: Federico Petronio
Date: Thursday, January 22, 2004 09:14:33
To: focus-ids () securityfocus com
Subject: robots.txt access rules
 
Hi all...
 
I have installed snort-inline and I am customizing rulesets.
 
My question is about the rule sid:1852, which matches accesses to
/robots.txt files. The goal of this rule is to not allow access to
information about sensitive areas of the webserver (which can be used to
achieve knowledge about restricted areas, etc), but if they are not
present Google, etc. would attempt to index those areas... So... what
should I do? Is it better to have that rule active or inactive? The
restricted areas should be RESTRICTED and not just "hidden" so... the
rule makes no sense?
 
I would like to hear your opinions about this... Thanks a lot.
--
Federico Petronio
petrus () activesec biz
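
Added example, not part of either message in this thread: one way to get the "someone poking around" indication while leaving /robots.txt readable by crawlers is to flag only clients that fetch it and then request a path it disallows. The robots.txt body, the log lines (common log format) and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed robots.txt and access-log lines (sample data, not from the thread).
ROBOTS_TXT = """User-agent: *
Disallow: /admin/
Disallow: /backup/
"""

ACCESS_LOG = """\
192.0.2.10 - - [22/Jan/2004:09:00:01 +0800] "GET /robots.txt HTTP/1.0" 200 52
192.0.2.10 - - [22/Jan/2004:09:00:02 +0800] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [22/Jan/2004:09:05:11 +0800] "GET /robots.txt HTTP/1.0" 200 52
198.51.100.7 - - [22/Jan/2004:09:05:14 +0800] "GET /admin/ HTTP/1.0" 403 210
198.51.100.7 - - [22/Jan/2004:09:05:15 +0800] "GET /backup/site.tar HTTP/1.0" 404 208
203.0.113.5 - - [22/Jan/2004:09:07:30 +0800] "GET /admin/login HTTP/1.0" 403 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def disallowed_prefixes(robots_txt):
    """Collect non-empty Disallow path prefixes from a robots.txt body."""
    prefixes = []
    for line in robots_txt.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        if field.strip().lower() == "disallow" and value.strip():
            prefixes.append(value.strip())
    return prefixes

def probes_after_robots(log_text, prefixes):
    """Map client IP -> disallowed paths requested after it fetched /robots.txt."""
    fetched = set()
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        ip, _method, uri, status = m.groups()
        path = uri.split("?", 1)[0]
        if path.lower() == "/robots.txt":
            fetched.add(ip)
        elif ip in fetched and any(path.startswith(p) for p in prefixes):
            hits[ip].append((path, int(status)))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in probes_after_robots(ACCESS_LOG, disallowed_prefixes(ROBOTS_TXT)).items():
        print(ip, reqs)
```

The recorded status codes show whether the disallowed areas were actually restricted (403) or merely absent (404); a 200 on such a path would point to the overlooked-permissions case.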
 
 