Interesting Response

Mojo's Avatar

Mojo

07 Jul, 2013 06:37 PM

I ran an initial scan against one of our production web servers and was told by the report that it found some interesting responses returning a "200 OK". When I try to manually verify these by entering the url in a browser, using ls on the webdir's filesystem, viewing the config files, etc. I can not confirm one single instance of the issues reported by the tool. I know without specific examples I can't expect much of a response. However, is this common? Are there typically a lot of false positives? In your experience, what would be the most common cause for this behavior?

  1. Support Staff 1 Posted by Tasos Laskos on 07 Jul, 2013 06:45 PM

    Tasos Laskos's Avatar

    The module's intention is to log responses with codes which aren't 200 nor 404. Are you sure the responses it logged had a status code of 200?
    Also, these issues are strictly logged for informational reasons (hence the severity level of "Informational"), they are a heads up that the behavior of the webapp deviated from the norm in some way.

  2. Support Staff 2 Posted by Tasos Laskos on 19 Jul, 2013 07:28 PM

    Tasos Laskos's Avatar

    Closing this since you don't seem to have any more questions.

  3. Tasos Laskos closed this discussion on 19 Jul, 2013 07:28 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac