Date: Tue, 9 Apr 2002 23:41:55 -0400 From: mpd <mpd6334@cs.rit.edu> To: Lord Raiden <raiden23@netzero.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Good spoof page for Apache?? Message-ID: <20020409234155.A60114@rochester.rr.com> In-Reply-To: <4.2.0.58.20020409233418.0095a220@pop.netzero.net>; from raiden23@netzero.net on Tue, Apr 09, 2002 at 11:39:51PM -0400 References: <4.2.0.58.20020409233418.0095a220@pop.netzero.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Apr 09, 2002 at 11:39:51PM -0400, Lord Raiden wrote: > Hi all. I'm looking at taking one of our servers that's supposed to be > for office use only and open it up to the outside. There's nothing secure > on it, but I don't want just anybody surfing to it and browsing around. So > what I was thinking of doing was in order to fool the average joe who might > get there by accident or intentionally, I want them to think they have > recieved a standard browser error and then leave. > > I've thought about modifying the browser error that IE gives, but I'm not > sure that will work. I want it to look like a legitimate client side error > when they hit the website, yet I want those who know the proper access URL > to still be able to access the site remotely. For example, "mydomain.com/" > would show the mock error, yet "mydomain.com/login.cgi" would still get > them to where they needed to go. I just need a way to spoof an error, not > generate a real one to help keep out nosy bypassers. Any ideas? > I would say the best way to spoof the errors for the tons and tons of browsers out there is to generate a real one. In your case, just don't set any default index names, so all requests for mydomain.com will be 404's, but the real login.cgi is still there. This kind of "security" is bound to get you hacked eventually if there's even the slightest chink in your armor, though. Others can relay horror stories if they choose. mike -- ___________________________________________________________ "I DO NOT KNOW! PERHAPS IT MEANS NOTHING, OR PERHAPS EVERYTHING!!!" - Pokey the Penguin from "THE POWER OF BELIEF" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020409234155.A60114>