Re: [mod-security-users] mod_security status 200
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] mod_security status 200
|
From: Ryan B. <rcb...@gm...> - 2005-11-04 12:08:32
|
Are you just interested in fooling scanners? If so, then you can trap outbound 404 html data with mod_security's output filter like this - SecFilterSelective OUTOUT "The requested file you request does not exist" status:200 You need to trigger on the html text of your 404 pages rather then HTTP Status code line as the output filter does not capture that data. I believe that Ivan is implementing a new directive to allow you to trap outbound status codes. Keep in mind, however that while this will change the status code to 200, the html text that will be displayed will not of much help to real users wh= o have requested a non-existent page. For example, with my Apache setup this is what is returned - HTTP/1.1 200 OK Date: Fri, 04 Nov 2005 12:07:24 GMT Server: Microsoft-IIS/5.0 Content-Length: 497 Connection: close Content-Type: text/html; charset=3Diso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>200 OK</title> </head><body> <h1>OK</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator, yo...@ex... and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p> <p>More information about this error may be available in the server error log.</p> </body></html> Connection closed by foreign host. -Ryan On 11/4/05, Peter VE <xx...@im...> wrote: > > Hi, > > I would like to set up my Apache 2.0.55 (with mod_security 1.8.7) to > return a 200 OK for every single request that is made to a non-existing > page. > How can I do this ? > (or do I need to use mod_rewrite for this) > > thanks > > P > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: > Tame your development challenges with Apache's Geronimo App Server. > Download > it for free - -and be entered to win a 42" plasma tv or your very own > Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > -- Ryan C. Barnett Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor: Securing Apache GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache |
