Re: [mod-security-users] Problem trying to catch malformed requests
From: Leandro M. <lme...@cy...> - 2005-08-19 17:50:36
Exactly why I asked about the problem of not being able to catch malformed requests... I was investigating how httprint identifies the remote host, and trying to filter this.

regards,
Leandro

On Fri, 2005-08-19 at 08:08 -0400, Ryan Barnett wrote:
> Another small benefit of plugging mod_security into hook-0 would be
> its ability to alter the semantic characteristics of Apache that web
> server fingerprinting apps often rely on for accuracy.
>
> HTTPrint -
> http://net-square.com/httprint/index.html
>
> Identification of web servers despite the banner string and any other
> obfuscation. httprint can successfully identify the underlying web
> servers when their headers are mangled by either patching the binary,
> by modules such as mod_security.c or by commercial products such as
> ServerMask.
>
> HTTPrint sends malformed requests that Apache will respond to in a
> distinct way. Allowing Mod_Security to get the first crack at
> inspecting these requests will help to alter the default Apache
> responses.
>
> Looks like it is time to have some fun with Mod_Security's "status"
> flag and see how these fingerprinters react :)
>

----------------------------
Leandro Meiners
CYBSEC S.A. Security Systems
E-mail: lme...@cy...
Tel/Fax: [54-11] 4382-1600
Web: http://www.cybsec.com