December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Recipe 3-2: Adding Fake robots.txt Disallow Entries
This recipe shows you how to add additional Disallow entries to the robots.txt file to alert when clients attempt to access these locations.
Ingredients
- ModSecurity Reference Manual2
- SecContentInjection directive
- Append action
- Apache Header directive
Robots Exclusion Standard
The Robots Exclusion Standard was created to allow web site owners to advise search engine crawlers about which resources they are allowed to index. A file called robots.txt is placed in the document root of the web site. In this file, the site administrator can include allow and disallow commands to instruct web crawlers which resources to access. Here are some examples of robots.txt entries:
User-agent: *
Allow: /
User-agent: Googlebot
Disallow: /backup/
Disallow: /cgi-bin/
Disallow: /admin.bak/
Disallow: /old/The first entry means that all crawlers are allowed to access and index the entire site. The second entry states that Google’s Googlebot crawler should not access four different directories. Looking at the names of these directories, this makes sense. They might contain sensitive data or files that the web site owners do not want Google to index.
robots.txt serves a legitimate purpose, but do you see a problem with using it? The robots exclusion standard is merely a suggestion and does not function as access control. The issue is that you are basically letting external clients know about specific sensitive areas of your web site that you ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.