Last post Jun 06, 2019 05:28 PM by PatriceSc
Jun 06, 2019 02:05 PM|PatriceSc
We sometimes get PHP requests to our ASP.NET apps, trying to find out installed products, etc. For now we do nothing special, which ends up with a 404 Not Found response.
I wondered if there is something special we could do about that, such as:
- using some other HTTP status code which could discourage further probing (403 Forbidden?)
- and/or maybe adding a delay to slow them down
Thanks in advance.
Jun 06, 2019 03:16 PM|Mikesdotnetting
If I think that a request is intrusive or malicious, I tend to respond with 400. I always think (rightly or wrongly) that 401 and 403 might actually encourage further snooping.
Jun 06, 2019 05:28 PM|PatriceSc
Since then I noticed in particular 403.50x which seems to be used by the IIS Dynamic IP restrictions module. I'll likely go in this direction, hoping that most scanners are trying to optimize their snooping effort by slowing down, postponing or lowering the scan frequency for sites returning this kind of "IP blocked" status.
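
For reference, a web.config sketch of the IIS Dynamic IP Restrictions setup mentioned in the last post. It is an added example, not configuration posted by anyone in this thread, and the threshold values are constructed placeholders to be tuned against real traffic.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <!--
        denyAction selects what a blocked client receives:
        AbortRequest, Unauthorized, Forbidden or NotFound.
        With Forbidden, the IIS log records sub-status 403.501
        (too many concurrent requests) or 403.502 (request rate
        exceeded), which makes blocked scanners easy to pick out.

        enableLoggingOnlyMode="true" logs what would be denied
        without blocking, useful for a trial period before
        enforcement. Switch it to "false" to actually block.

        enableProxyMode="true" is only appropriate when the site
        sits behind a trusted proxy or load balancer that sets
        X-Forwarded-For; otherwise leave it off.
      -->
      <dynamicIpSecurity denyAction="Forbidden"
                         enableLoggingOnlyMode="true"
                         enableProxyMode="false">

        <!-- Constructed threshold: more than 10 simultaneous
             requests from one client IP triggers a denial. -->
        <denyByConcurrentRequests enabled="true"
                                  maxConcurrentRequests="10" />

        <!-- Constructed threshold: more than 30 requests from one
             client IP within 2000 ms triggers a denial. -->
        <denyByRequestRate enabled="true"
                           maxRequests="30"
                           requestIntervalInMilliseconds="2000" />
      </dynamicIpSecurity>
    </security>
  </system.webServer>
</configuration>
```

These rules throttle any client IP that exceeds the thresholds, not only the ones requesting PHP paths, so legitimate clients behind a shared NAT address count as a single IP. The module is an optional IIS feature that has to be installed on the server.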