Hi Jerry,

While such an exception can certainly be made to the Core Rule Set,
some questions come to mind:

- Why do you want to allow NetCraft in? By allowing others to learn
  about your server without leaving any traces on the server itself
  NetCraft can serve the bad guys. Is there a legitimate reason to
  allow the NetCraft crawler in?
- Assuming we want to allow NetCraft in: it is probably not the only
  one. Do you know about a publicly available white list of IP
  addresses that can be used to exclude the rule?

~ Ofer Shezaf
ModSecurity Core Rule Set project leader

> -----Original Message-----
> From: mod-security-users-bounces lists.sourceforge.net
> [mailto:mod-security-users-bounces lists.sourceforge.net] On Behalf Of Jerry
> Sent: Saturday, March 31, 2007 1:26 PM
> To: mod-security-users lists.sourceforge.net
> Subject: [mod-security-users] Netcraft triggering a false positive
>
> --------------------------------------------------------
> [Fri Mar 30 09:30:17 2007] [error] [client 194.72.238.62] ModSecurity: Warning. Operator EQ match: 0. [id "960008"] [msg "Request Missing a Host Header"] [severity "WARNING"] [uri "/"] [unique_id "rmWrWsPy7C4AABykGm4AAAAM"]
> --------------------------------------------------------
>
> That IP is netcraft which I believe is bona fide. Can this rule be
> modified or something put in to allow 194.72.238.62 to bypass the rule?
> _______________________________________________
> mod-security-users mailing list
> mod-security-users lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
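
Added example, not part of the original thread and not Core Rule Set code: one way to write the exception discussed above, with an overly broad allow shown beside a per-rule exclusion that still leaves a log trace. It assumes ModSecurity 2.7 or later; the local rule ids 1000 and 1001 and the log message text are assumptions.

```apache
# Added example; assumes ModSecurity 2.7+ (@ipMatch operator, mandatory rule ids).
# Rule ids 1000 and 1001 are arbitrary local ids chosen for this example.
# Load this file before the Core Rule Set files so these rules are
# evaluated ahead of rule 960008.

# Too broad: "allow" stops rule processing for the matching request, so
# every other Core Rule Set check is skipped for this client as well.
# Shown for contrast only and left commented out.
#SecRule REMOTE_ADDR "@ipMatch 194.72.238.62" \
#    "id:1000,phase:1,nolog,allow"

# Narrow: switch off only rule 960008 (Request Missing a Host Header) for
# this one address. "pass" lets the remaining rules keep inspecting the
# request, and "log" records every use of the exception, so requests from
# the excluded address still leave a trace on the server.
SecRule REMOTE_ADDR "@ipMatch 194.72.238.62" \
    "id:1001,phase:1,pass,log,msg:'Rule 960008 exception applied for allowlisted client',ctl:ruleRemoveById=960008"
```

The `@ipMatch` operator also accepts a comma-separated list of addresses and CIDR blocks, which keeps the exclusion in one rule if more addresses have to be added later.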