This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting 100's of these messages a day??

Hi all,
Correct me if I'm wrong, but don't I want the Search Engines spiders coming through the firewall to index my site?
Here's the message. Typically the dns points to Looksmart, Yahoo, or Google.

A packet was identified that may be part of an intrusion attempt.
The packet was detected by the Intrusion Detection system. The matching
rule classified this as medium priority level. The packet properties
and the alert reason are:

[1:1852:0] A WEB-MISC robots.txt access [Classification: access to a potentially vulnerable web application] [Priority: 2]: {PROTO006} 68.142.251.159:59400 -> 192.168.1.200:80

200 is my webserver.
68.142.251.159 points to Yahoo!.

Any suggestions, is there a way to allow these??
Thanks,
Frank

This thread was automatically locked due to age.

0 bagira over 20 years ago

Do I understand you right, and you do NOT want to allow spiders to read your robots.txt?
To block this with your IPS, set the action of the following rules to block:
Web-Misc >> WEB-MISC robots.txt access (ID 1852 and 1857).
This will block the access of search engines to the file robots.txt on your webserver.
Hope this helps,
/bagira
Cancel
Vote Up 0 Vote Down

Cancel
0 unkfrank12 over 20 years ago

Hey Bagira,
No, I definitely want them to come through. How do I allow this and stop all of these messages?
thanks,
Frank
Cancel
Vote Up 0 Vote Down

Cancel
0 andreas over 20 years ago in reply to unkfrank12

Do the reverse of what bagira said. Go to the mentioned IPS rule(s) and disable them.
Cancel
Vote Up 0 Vote Down

Cancel