WebApp Sec mailing list archives
Re: Dropping connection instead of returning 400
From: Kanatoko <anvil () jumperz net>
Date: Mon, 18 Apr 2005 18:29:14 +0900
On Tue, 1 Mar 2005 20:59:37 -0800 (PST) christopher () baus net wrote:
One thing that keeps coming back to me is 400 Bad Request handling. It is now my opinion that security proxies should just drop connection when faced with traffic they refuse to handle.
Google web server (GWS) works just like that. If you send an invalid HTTP request like this to Google, -- GET / AAAA/1.0 User-Agent: hoge Host: www.google.com -- GWS drops the TCP connection with RST packet. On the other hand, Apache and IIS return a 400 response. BTW, I got this information from the book "Intrusion Prevention and Active Response" page 137. http://www.amazon.com/exec/obidos/tg/detail/-/193226647X/ -- Kanatoko<anvil () jumperz net> Open Source WebAppFirewall http://guardian.jumperz.net/
Current thread:
- Re: Dropping connection instead of returning 400 Kanatoko (Apr 18)
- <Possible follow-ups>
- RE: Dropping connection instead of returning 400 Matt Fisher (Apr 20)
- RE: Dropping connection instead of returning 400 christopher (Apr 21)