To activate it you need to add serverHeaders: true
in site.config Without that or set to false, it would be the original behavior. On Tue, Jan 25, 2011 at 11:59 PM, Markus Weimar < [email protected]> wrote: > I'm very glad about this decision. Does it make sense to make the old > behavior optional, maybe for intranet use? Currently, I don't need > this. Just a thought. > > Regards, > Markus > > On Wed, Jan 26, 2011 at 12:17 AM, The Editor <[email protected]> wrote: > > This makes sense. I'll fix the bug and change the default. > > > > Cheers, > > Dan > > > > > > On Tue, Jan 25, 2011 at 4:09 PM, Kevin <[email protected]> wrote: > >> I can't really speak for others, but for me, I want the visitor, more > often > >> than not a search engine to know that what they are looking for does not > >> exist. I have a number of very old sites which have thousands of hits > to > >> them for content that simply doesn't exist anymore and/or has been > >> reformatted completely different. The current default it telling the > search > >> engine, they found it, when in fact they didn't so they keep updating > their > >> engine result as if there really was content there. > >> > >> There is a bit of a security aspect too... I'm sure we all have seen > >> attempts to see if some particular package is installed on your site in > a > >> string of tests that hit all at once, Those bots typically collect the > >> results and come back later to try to exploit them. With even bad hits > >> showing up with 200 codes, it makes it look like you have all that stuff > >> when you may have none of it. > >> > >> Last thing you need is to have some bot then hitting your site with tons > of > >> exploit attempts clogging up your traffic, logs etc.. > >> > >> Up until now, they all were reported as 200 Ok... example this > morning... > >> > >> 94.63.246.3 "GET //admin/mysql/scripts/setup.php HTTP/1.1" 200 4484 > >> 94.63.246.3 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 4487 > >> 94.63.246.3 "GET //admin/pma/scripts/setup.php HTTP/1.1" 200 4483 > >> 94.63.246.3 "GET //admin/scripts/setup.php HTTP/1.1" 200 4473 > >> 94.63.246.3 "GET //controls/ps3-dbadmin/scripts/setup.php HTTP/1.1" 200 > 4491 > >> 94.63.246.3 "GET //db/scripts/setup.php HTTP/1.1" 200 4471 > >> 94.63.246.3 "GET //dbadmin/scripts/setup.php HTTP/1.1" 200 4475 > >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 > >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 > >> 94.63.246.3 "GET //mysql-admin/scripts/setup.php HTTP/1.1" 200 4477 > >> 94.63.246.3 "GET //mysql/scripts/setup.php HTTP/1.1" 200 4474 > >> 94.63.246.3 "GET //mysqladmin/scripts/setup.php HTTP/1.1" 200 4477 > >> 94.63.246.3 "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 200 4479 > >> 94.63.246.3 "GET //p/m/a/scripts/setup.php HTTP/1.1" 200 4482 > >> 94.63.246.3 "GET //php-my-admin/scripts/setup.php HTTP/1.1" 200 4479 > >> 94.63.246.3 "GET //php-myadmin/scripts/setup.php HTTP/1.1" 200 4478 > >> 94.63.246.3 "GET //phpm/scripts/setup.php HTTP/1.1" 200 4473 > >> 94.63.246.3 "GET //phpmanager/scripts/setup.php HTTP/1.1" 200 4477 > >> 94.63.246.3 "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 200 4478 > >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 > >> 94.63.246.3 "GET //phpMyA/scripts/setup.php HTTP/1.1" 200 4479 > >> 94.63.246.3 "GET //phpmyad-sys/scripts/setup.php HTTP/1.1" 200 4478 > >> 94.63.246.3 "GET //phpmyad/scripts/setup.php HTTP/1.1" 200 4476 > >> 94.63.246.3 "GET //phpMyAdmi/scripts/setup.php HTTP/1.1" 200 4481 > >> 94.63.246.3 "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 200 > 4505 > >> 94.63.246.3 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 200 4485 > >> 94.63.246.3 "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 > >> 94.63.246.3 "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 200 4480 > >> 94.63.246.3 "GET //phpMyAdmin2/scripts/setup.php HTTP/1.1" 200 4482 > >> 94.63.246.3 "GET //phpMyAds/scripts/setup.php HTTP/1.1" 200 4481 > >> 94.63.246.3 "GET //PMA/scripts/setup.php HTTP/1.1" 200 4475 > >> 94.63.246.3 "GET //PMA2005/scripts/setup.php HTTP/1.1" 200 4479 > >> 94.63.246.3 "GET //pma2005/scripts/setup.php HTTP/1.1" 200 4476 > >> 94.63.246.3 "GET //sqlmanager/scripts/setup.php HTTP/1.1" 200 4475 > >> 94.63.246.3 "GET //sqlweb/scripts/setup.php HTTP/1.1" 200 4474 > >> 94.63.246.3 "GET //vhcs2/tools/pma/scripts/setup.php HTTP/1.1" 200 4495 > >> 94.63.246.3 "GET //vhcs/tools/pma/scripts/setup.php HTTP/1.1" 200 4493 > >> 94.63.246.3 "GET //tools/pma/scripts/setup.php HTTP/1.1" 200 4483 > >> 94.63.246.3 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4492 > >> 94.63.246.3 "GET //webadmin/scripts/setup.php HTTP/1.1" 200 4475 > >> 94.63.246.3 "GET //webdb/scripts/setup.php HTTP/1.1" 200 4474 > >> 94.63.246.3 "GET //websql/scripts/setup.php HTTP/1.1" 200 4476 > >> 94.63.246.3 "GET //xampp/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4494 > >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 > >> > >> That bot (now blocked) thinks I've got all those goodies to play with > when > >> none of them are there or at least not setup in that fashion > >> > >> I have been updating all my sites to use it. > >> > >> On Tue, Jan 25, 2011 at 2:58 PM, The Editor <[email protected]> wrote: > >>> > >>> Looks like you are right Kevin. I will fix that along with a couple > >>> other things and put out a new release soon. :) > >>> > >>> Just out of curiosity, should the default behavior be to use these > >>> server headers or not? > >>> > >>> Cheers, > >>> Dan > >>> > >>> > >>> On Tue, Jan 25, 2011 at 12:53 PM, Kevin <[email protected]> > wrote: > >>> > Is this the right syntax? > >>> > > >>> > if (BOLTconfig('serverHeaders') == 'true') > >>> > > >>> > Seems that other things that look at BOLTconfig are using something > >>> > like: > >>> > > >>> > BOLTconfig('BOLTautoLines', 'true'); > >>> > > >>> > Where the item being look for is preceded with BOLT > >>> > > >>> > Changing lines in engine.php seem to make it work.. > >>> > > >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 404 > Not > >>> > Found'); > >>> > > >>> > and > >>> > > >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 403 > >>> > Forbidden'); > >>> > > >>> > On Tue, Jan 25, 2011 at 11:34 AM, Kevin <[email protected]> > wrote: > >>> >> > >>> >> Dan, did you get a chance to see why this didn't work? > >>> >> > >>> >> I added serverHeaders: true and it made no difference. I tried the > >>> >> same > >>> >> on a few others with the same results. > >>> >> > >>> >> They return HTTP/1.1 200 OK > >>> >> Regardless of what page I hit, existing or not. > >>> >> > >>> >> I see where the code is in engine.php, but I've not tried to setup > some > >>> >> sort of test to see if it is triggering or not. > >>> >> > >>> >> These are all 3.4.14. > >>> >> > >>> >> On Sun, Jan 23, 2011 at 7:38 PM, Kevin <[email protected]> > wrote: > >>> >>> > >>> >>> Tried that and it didn't seem to make a change. Still outputs a > 200 > >>> >>> code. > >>> >>> > >>> >>> On Sun, Jan 23, 2011 at 7:22 PM, The Editor <[email protected]> > wrote: > >>> >>>> > >>> >>>> Try putting serverHeaders: true in site.config and see if that > works. > >>> >>>> > >>> >>>> We could make it the default easily enough. I'm open to arguments > for > >>> >>>> the pro's con's. > >>> >>>> > >>> >>>> Cheers, > >>> >>>> Dan > >>> >>>> > >>> >>>> > >>> >>>> On Sun, Jan 23, 2011 at 7:56 PM, Kevin <[email protected]> > >>> >>>> wrote: > >>> >>>> > I've noticed lots of hits for an older site from search engines > for > >>> >>>> > content > >>> >>>> > that simply does not and should not exist. currently that > triggers > >>> >>>> > the > >>> >>>> > action.missing page which from the logs shows it is return code > of > >>> >>>> > 200. > >>> >>>> > > >>> >>>> > Is there a way to get action.missing to issue a 404 code? > >>> >>>> > > >>> >>>> > Example log entry: > >>> >>>> > > >>> >>>> > ycar8.mobile.re3.yahoo.com - - [23/Jan/2011:19:23:42 -0500] > "GET > >>> >>>> > /greyhound.htm HTTP/1.1" 200 14435 "-" "YahooCacheSystem" > >>> >>>> > > >>> >>>> > I saw a posting titled "Reporting 404 messages to error logs" > which > >>> >>>> > someone > >>> >>>> > was modifying the library.php but your reply indicated you had > >>> >>>> > already > >>> >>>> > added > >>> >>>> > hooks to do this. > >>> >>>> > > >>> >>>> > Perhaps this should be a default ?? > >>> >>>> > > >>> >>>> > -- > >>> >>>> > You received this message because you are subscribed to the > Google > >>> >>>> > Groups > >>> >>>> > "BoltWire" group. > >>> >>>> > To post to this group, send email to [email protected]. > >>> >>>> > To unsubscribe from this group, send email to > >>> >>>> > [email protected]<boltwire%[email protected]> > . > >>> >>>> > For more options, visit this group at > >>> >>>> > http://groups.google.com/group/boltwire?hl=en. > >>> >>>> > > >>> >>>> > >>> >>>> -- > >>> >>>> You received this message because you are subscribed to the Google > >>> >>>> Groups "BoltWire" group. > >>> >>>> To post to this group, send email to [email protected]. > >>> >>>> To unsubscribe from this group, send email to > >>> >>>> [email protected]<boltwire%[email protected]> > . > >>> >>>> For more options, visit this group at > >>> >>>> http://groups.google.com/group/boltwire?hl=en. > >>> >>>> > >>> >>> > >>> >> > >>> > > >>> > -- > >>> > You received this message because you are subscribed to the Google > >>> > Groups > >>> > "BoltWire" group. > >>> > To post to this group, send email to [email protected]. > >>> > To unsubscribe from this group, send email to > >>> > [email protected]<boltwire%[email protected]> > . > >>> > For more options, visit this group at > >>> > http://groups.google.com/group/boltwire?hl=en. > >>> > > >>> > >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "BoltWire" group. > >>> To post to this group, send email to [email protected]. > >>> To unsubscribe from this group, send email to > >>> [email protected]<boltwire%[email protected]> > . > >>> For more options, visit this group at > >>> http://groups.google.com/group/boltwire?hl=en. > >>> > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "BoltWire" group. > >> To post to this group, send email to [email protected]. > >> To unsubscribe from this group, send email to > >> [email protected]<boltwire%[email protected]> > . > >> For more options, visit this group at > >> http://groups.google.com/group/boltwire?hl=en. > >> > > > > -- > > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > [email protected]<boltwire%[email protected]> > . > > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > > > > > > -- > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<boltwire%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > > -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
