IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: robots.txt access rules

From: "Ferruh Mavituna" <ferruh () mavituna com>
Date: Thu, 22 Jan 2004 09:52:14 +0200
Hi;
Inactive rule, don't put link to your restricted areas, don't put them to
robots.txt.

If you have to put link to your restricted areas, do it by javascript so
spiders can't follow these links. 

Ferruh.Mavituna
http://feruh.mavituna.com
PGPKey : http://ferruh.mavituna.com/PGPKey.asc

-----Original Message-----
From: Federico Petronio [mailto:petrus () activesec biz] 
Sent: Wednesday, January 21, 2004 4:15 PM
To: focus-ids () securityfocus com
Subject: robots.txt access rules

Hi all...

I have installed snort-inline and I am customizing rulesets.

My cuestion is about the rule sid:1852 which match accesses to 
/robots.txt files. The goal of this rule is to not let access to 
information about sensitive areas of the webserver (which can be use to 
achive knowledge about restricted areas, etc), but if they are not 
present Google, etc. would intent to index those areas... So... what 
shoud I do? Is it better to have that rule active or inactive? The 
restriccted areas should be RESTRICTED and not just "hidden" so... the 
rule make no sence?

I would like to hear you opions about this... Thanks a lot.
-- 
                                         Federico Petronio
                                         petrus () activesec biz


---------------------------------------------------------------------------
---------------------------------------------------------------------------



---------------------------------------------------------------------------
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: