Re: [mod-security-users] core rules
From: marty <ma...@go...> - 2008-07-13 18:12:20
> [Ryan Barnett] Netcraft is not doing anything special, they are banner
> grabbing your Server response header (which you can spoof with Mod by
> the way) and then they are doing passive OS fingerprinting based on the
> TCP stack. This data is only somewhat accurate as most organizations
> have some form of layer 7 host at their perimeter (proxy/load-balancer)
> so Netcraft is actually fingerprinting it.

True. Netcraft gets past those rules and gets that spoofed info however. They should get nothing, zip, squat, void, blank, and no ACK, because they are sending bad requests with missing requirements. I am running mod on my proxy and occasionally they even got info from the servers behind it too. My audit logs just show that mod blocked every access, but Netcraft's database shows otherwise.

Marty B.

--
Electile Dysfunction : the inability to become aroused over any of the choices for President put forth by either party in the 2008 election.