WebApp Sec mailing list archives

Re: Dropping connection instead of returning 400

From: Kanatoko <anvil () jumperz net>
Date: Mon, 18 Apr 2005 18:29:14 +0900

 
On Tue, 1 Mar 2005 20:59:37 -0800 (PST)
christopher () baus net wrote:

One thing that keeps coming back to me is 400 Bad Request handling.  It is
now my opinion that security proxies should just drop connection when
faced with traffic they refuse to handle.


Google web server (GWS) works just like that.

If you send an invalid HTTP request like this to Google,
--
GET / AAAA/1.0
User-Agent: hoge
Host: www.google.com

--

GWS drops the TCP connection with RST packet.
On the other hand, Apache and IIS return a 400 response.

BTW, I got this information from the book "Intrusion Prevention and
Active Response" page 137.
http://www.amazon.com/exec/obidos/tg/detail/-/193226647X/

-- 
Kanatoko<anvil () jumperz net>
Open Source WebAppFirewall
http://guardian.jumperz.net/

Current thread:

Re: Dropping connection instead of returning 400 Kanatoko (Apr 18)
- <Possible follow-ups>
- RE: Dropping connection instead of returning 400 Matt Fisher (Apr 20)
- RE: Dropping connection instead of returning 400 christopher (Apr 21)