httpd-dev mailing list archives

From Reindl Harald <h.rei...@thelounge.net>
Subject Re: URL scanning by bots
Date Wed, 01 May 2013 12:00:47 GMT


On 01.05.2013 13:51, André Warnier wrote:
> There is so far one possible pitfall, which was identified by someone earlier on this list: the fact that delaying
> 404 responses might have a bad effect on some particular kind of usage by legitimate clients/users. So far, I
> believe that such an effect could be mitigated by the fact that this option could be turned off, by any webserver
> administrator with a modicum of knowledge

do you really not understand it?

anything which brings security risks and makes normal operations more
fragile MUST NOT be the default behavior of a webserver

and YES making DOS-attacks easier is treated as a security risk by any
professional auditor and where i work "threat middle" means
"fix it or shut down the customer's project" and the last time i got
this was by a not visible protection against Slowloris from the view
of the security-scanner
__________________________________________

here you have something to read and learn that more and more attacks
are done this way by exhausting resources without high bandwidth and
THESE are the real problems server-admins have to fight and not the noise
you see on your small site

http://www.slashroot.in/slowloris-http-dosdenial-serviceattack-and-prevention

