Re: bad url fragment

[Sanjay Rawat <sanjayr () intoto com>]

At 08:15 PM 8/3/2005, development () crm20 com wrote:
> Hi,
>
> I have a little list of url fragments that should not normally be accessed 
> on the web server and are not in use, I have a mechanism in place that can 
> block the ip requesting the url with a fragment from the list.
>
> Could someone help me with possibly removing some of the entries that 
> might cause a legitimate request to trigger the block.
>
> If possible, please help me improve the list, is there any resource out 
> there where such lists are posted?
>
> here it is:

my suggestion is:


> % (remove)
> ..
> ./
> .asa
> .asax
> .ascx
> .bat
> .cdx
> .cer (remove)
> .cgi (remove)
> .cmd
> .config
> .csproj
> .dat
> .dll
> .exe (remove)
> .htr
> .htw
> .ida
> .idc
> .idq
> .inc
> .ini
> .jsp
> .licx
> .log (remove)
> .pdb
> .pl (remove, its for Poland!!!!)
> .pol
> .printer
> .resources
> .resx
> .stm
> .vb
> .vbproj
> .vbs
> .vsdisco
> .webinfo
> .wsh
> .xsd
> .xsx
> /_vti_bin/
> /admentor/
> /Admin.dll
> /ash
> /autoexec
> /bash
> /bigipgui
> /bin/
> /c32web.exe
> /cachemgr
> /campas
> /cgi/
> /cgiemail/
> /cgiscso/
> /cmd
> /command.com
> /common/
> /config/
> /copy/
> /counter/
> /csh
> /default.ida
> /del
> /dir
> /echo
> /etc
> /exchange
> /exec
> /finger
> /format
> /formmail
> /ftp
> /get32.exe
> /global.asa
> /gwweb.exe
> /home
> /html
> /http
> /iisadmpwd
> /iissamples
> /iisstart.asp
> /index.cfm
> /ksh
> /modules.php
> /msadc
> /mysql.class
> /ncbook
> /nessus.htr
> /newuser
> /ntselementary.adp
> /nuke
> /passwd
> /ping.exe
> /piranha
> /pixfir~1
> /puttest1.html
> /query
> /rename
> /root.exe
> /roots
> /rtm.log
> /sendmail
> /servlet
> /shtml.dll
> /sites
> /sqlqhit
> /ssi
> /status
> /tcsh
> /tftp
> /usage
> /webalizer
> /webcart
> /WINNT/
> /wwwboard
> _mem_bin
> 404.html
> 404.php
> admin.dll
> awstats.pl.configdir
> cachefsd
> cgi-bin
> cmd.exe
> COPY (remove) *
> database (remove) *
> default.ida
> DELETE
> Fpexedll.dll
> LOCK
> MKCOL
> MOVE (remove)*
> msadc
> MSADC
> OPTIONS
> PROPFIND
> PROPPATCH
> PUT
> root.exe
> scripts (remove)*
> Shtml.dll
> UNLOCK
> vt_


*--should be in some combination


Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 423
Website : www.intoto.com
  Homepage: http://sanjay-rawat.tripod.com