Yes, thanks. Just wanted to make sure that the option will not be dropped. But after reading Dan's answer a second time, it probably never sounded like he was going to... :)
Regards, Markus On Wed, Jan 26, 2011 at 8:03 AM, Kevin <[email protected]> wrote: > To activate it you need to add > > serverHeaders: true > > in site.config > > Without that or set to false, it would be the original behavior. > > > On Tue, Jan 25, 2011 at 11:59 PM, Markus Weimar > <[email protected]> wrote: >> >> I'm very glad about this decision. Does it make sense to make the old >> behavior optional, maybe for intranet use? Currently, I don't need >> this. Just a thought. >> >> Regards, >> Markus >> >> On Wed, Jan 26, 2011 at 12:17 AM, The Editor <[email protected]> wrote: >> > This makes sense. I'll fix the bug and change the default. >> > >> > Cheers, >> > Dan >> > >> > >> > On Tue, Jan 25, 2011 at 4:09 PM, Kevin <[email protected]> wrote: >> >> I can't really speak for others, but for me, I want the visitor, more >> >> often >> >> than not a search engine to know that what they are looking for does >> >> not >> >> exist. I have a number of very old sites which have thousands of hits >> >> to >> >> them for content that simply doesn't exist anymore and/or has been >> >> reformatted completely different. The current default it telling the >> >> search >> >> engine, they found it, when in fact they didn't so they keep updating >> >> their >> >> engine result as if there really was content there. >> >> >> >> There is a bit of a security aspect too... I'm sure we all have seen >> >> attempts to see if some particular package is installed on your site in >> >> a >> >> string of tests that hit all at once, Those bots typically collect the >> >> results and come back later to try to exploit them. With even bad hits >> >> showing up with 200 codes, it makes it look like you have all that >> >> stuff >> >> when you may have none of it. >> >> >> >> Last thing you need is to have some bot then hitting your site with >> >> tons of >> >> exploit attempts clogging up your traffic, logs etc.. >> >> >> >> Up until now, they all were reported as 200 Ok... example this >> >> morning... >> >> >> >> 94.63.246.3 "GET //admin/mysql/scripts/setup.php HTTP/1.1" 200 4484 >> >> 94.63.246.3 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 >> >> 4487 >> >> 94.63.246.3 "GET //admin/pma/scripts/setup.php HTTP/1.1" 200 4483 >> >> 94.63.246.3 "GET //admin/scripts/setup.php HTTP/1.1" 200 4473 >> >> 94.63.246.3 "GET //controls/ps3-dbadmin/scripts/setup.php HTTP/1.1" 200 >> >> 4491 >> >> 94.63.246.3 "GET //db/scripts/setup.php HTTP/1.1" 200 4471 >> >> 94.63.246.3 "GET //dbadmin/scripts/setup.php HTTP/1.1" 200 4475 >> >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 >> >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 >> >> 94.63.246.3 "GET //mysql-admin/scripts/setup.php HTTP/1.1" 200 4477 >> >> 94.63.246.3 "GET //mysql/scripts/setup.php HTTP/1.1" 200 4474 >> >> 94.63.246.3 "GET //mysqladmin/scripts/setup.php HTTP/1.1" 200 4477 >> >> 94.63.246.3 "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 200 4479 >> >> 94.63.246.3 "GET //p/m/a/scripts/setup.php HTTP/1.1" 200 4482 >> >> 94.63.246.3 "GET //php-my-admin/scripts/setup.php HTTP/1.1" 200 4479 >> >> 94.63.246.3 "GET //php-myadmin/scripts/setup.php HTTP/1.1" 200 4478 >> >> 94.63.246.3 "GET //phpm/scripts/setup.php HTTP/1.1" 200 4473 >> >> 94.63.246.3 "GET //phpmanager/scripts/setup.php HTTP/1.1" 200 4477 >> >> 94.63.246.3 "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 200 4478 >> >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 >> >> 94.63.246.3 "GET //phpMyA/scripts/setup.php HTTP/1.1" 200 4479 >> >> 94.63.246.3 "GET //phpmyad-sys/scripts/setup.php HTTP/1.1" 200 4478 >> >> 94.63.246.3 "GET //phpmyad/scripts/setup.php HTTP/1.1" 200 4476 >> >> 94.63.246.3 "GET //phpMyAdmi/scripts/setup.php HTTP/1.1" 200 4481 >> >> 94.63.246.3 "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 200 >> >> 4505 >> >> 94.63.246.3 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 200 4485 >> >> 94.63.246.3 "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 >> >> 94.63.246.3 "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 200 4480 >> >> 94.63.246.3 "GET //phpMyAdmin2/scripts/setup.php HTTP/1.1" 200 4482 >> >> 94.63.246.3 "GET //phpMyAds/scripts/setup.php HTTP/1.1" 200 4481 >> >> 94.63.246.3 "GET //PMA/scripts/setup.php HTTP/1.1" 200 4475 >> >> 94.63.246.3 "GET //PMA2005/scripts/setup.php HTTP/1.1" 200 4479 >> >> 94.63.246.3 "GET //pma2005/scripts/setup.php HTTP/1.1" 200 4476 >> >> 94.63.246.3 "GET //sqlmanager/scripts/setup.php HTTP/1.1" 200 4475 >> >> 94.63.246.3 "GET //sqlweb/scripts/setup.php HTTP/1.1" 200 4474 >> >> 94.63.246.3 "GET //vhcs2/tools/pma/scripts/setup.php HTTP/1.1" 200 4495 >> >> 94.63.246.3 "GET //vhcs/tools/pma/scripts/setup.php HTTP/1.1" 200 4493 >> >> 94.63.246.3 "GET //tools/pma/scripts/setup.php HTTP/1.1" 200 4483 >> >> 94.63.246.3 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4492 >> >> 94.63.246.3 "GET //webadmin/scripts/setup.php HTTP/1.1" 200 4475 >> >> 94.63.246.3 "GET //webdb/scripts/setup.php HTTP/1.1" 200 4474 >> >> 94.63.246.3 "GET //websql/scripts/setup.php HTTP/1.1" 200 4476 >> >> 94.63.246.3 "GET //xampp/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 >> >> 4494 >> >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 >> >> >> >> That bot (now blocked) thinks I've got all those goodies to play with >> >> when >> >> none of them are there or at least not setup in that fashion >> >> >> >> I have been updating all my sites to use it. >> >> >> >> On Tue, Jan 25, 2011 at 2:58 PM, The Editor <[email protected]> wrote: >> >>> >> >>> Looks like you are right Kevin. I will fix that along with a couple >> >>> other things and put out a new release soon. :) >> >>> >> >>> Just out of curiosity, should the default behavior be to use these >> >>> server headers or not? >> >>> >> >>> Cheers, >> >>> Dan >> >>> >> >>> >> >>> On Tue, Jan 25, 2011 at 12:53 PM, Kevin <[email protected]> >> >>> wrote: >> >>> > Is this the right syntax? >> >>> > >> >>> > if (BOLTconfig('serverHeaders') == 'true') >> >>> > >> >>> > Seems that other things that look at BOLTconfig are using something >> >>> > like: >> >>> > >> >>> > BOLTconfig('BOLTautoLines', 'true'); >> >>> > >> >>> > Where the item being look for is preceded with BOLT >> >>> > >> >>> > Changing lines in engine.php seem to make it work.. >> >>> > >> >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 404 >> >>> > Not >> >>> > Found'); >> >>> > >> >>> > and >> >>> > >> >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 403 >> >>> > Forbidden'); >> >>> > >> >>> > On Tue, Jan 25, 2011 at 11:34 AM, Kevin <[email protected]> >> >>> > wrote: >> >>> >> >> >>> >> Dan, did you get a chance to see why this didn't work? >> >>> >> >> >>> >> I added serverHeaders: true and it made no difference. I tried >> >>> >> the >> >>> >> same >> >>> >> on a few others with the same results. >> >>> >> >> >>> >> They return HTTP/1.1 200 OK >> >>> >> Regardless of what page I hit, existing or not. >> >>> >> >> >>> >> I see where the code is in engine.php, but I've not tried to setup >> >>> >> some >> >>> >> sort of test to see if it is triggering or not. >> >>> >> >> >>> >> These are all 3.4.14. >> >>> >> >> >>> >> On Sun, Jan 23, 2011 at 7:38 PM, Kevin <[email protected]> >> >>> >> wrote: >> >>> >>> >> >>> >>> Tried that and it didn't seem to make a change. Still outputs a >> >>> >>> 200 >> >>> >>> code. >> >>> >>> >> >>> >>> On Sun, Jan 23, 2011 at 7:22 PM, The Editor <[email protected]> >> >>> >>> wrote: >> >>> >>>> >> >>> >>>> Try putting serverHeaders: true in site.config and see if that >> >>> >>>> works. >> >>> >>>> >> >>> >>>> We could make it the default easily enough. I'm open to arguments >> >>> >>>> for >> >>> >>>> the pro's con's. >> >>> >>>> >> >>> >>>> Cheers, >> >>> >>>> Dan >> >>> >>>> >> >>> >>>> >> >>> >>>> On Sun, Jan 23, 2011 at 7:56 PM, Kevin <[email protected]> >> >>> >>>> wrote: >> >>> >>>> > I've noticed lots of hits for an older site from search engines >> >>> >>>> > for >> >>> >>>> > content >> >>> >>>> > that simply does not and should not exist. currently that >> >>> >>>> > triggers >> >>> >>>> > the >> >>> >>>> > action.missing page which from the logs shows it is return code >> >>> >>>> > of >> >>> >>>> > 200. >> >>> >>>> > >> >>> >>>> > Is there a way to get action.missing to issue a 404 code? >> >>> >>>> > >> >>> >>>> > Example log entry: >> >>> >>>> > >> >>> >>>> > ycar8.mobile.re3.yahoo.com - - [23/Jan/2011:19:23:42 -0500] >> >>> >>>> > "GET >> >>> >>>> > /greyhound.htm HTTP/1.1" 200 14435 "-" "YahooCacheSystem" >> >>> >>>> > >> >>> >>>> > I saw a posting titled "Reporting 404 messages to error logs" >> >>> >>>> > which >> >>> >>>> > someone >> >>> >>>> > was modifying the library.php but your reply indicated you had >> >>> >>>> > already >> >>> >>>> > added >> >>> >>>> > hooks to do this. >> >>> >>>> > >> >>> >>>> > Perhaps this should be a default ?? >> >>> >>>> > >> >>> >>>> > -- >> >>> >>>> > You received this message because you are subscribed to the >> >>> >>>> > Google >> >>> >>>> > Groups >> >>> >>>> > "BoltWire" group. >> >>> >>>> > To post to this group, send email to [email protected]. >> >>> >>>> > To unsubscribe from this group, send email to >> >>> >>>> > [email protected]. >> >>> >>>> > For more options, visit this group at >> >>> >>>> > http://groups.google.com/group/boltwire?hl=en. >> >>> >>>> > >> >>> >>>> >> >>> >>>> -- >> >>> >>>> You received this message because you are subscribed to the >> >>> >>>> Google >> >>> >>>> Groups "BoltWire" group. >> >>> >>>> To post to this group, send email to [email protected]. >> >>> >>>> To unsubscribe from this group, send email to >> >>> >>>> [email protected]. >> >>> >>>> For more options, visit this group at >> >>> >>>> http://groups.google.com/group/boltwire?hl=en. >> >>> >>>> >> >>> >>> >> >>> >> >> >>> > >> >>> > -- >> >>> > You received this message because you are subscribed to the Google >> >>> > Groups >> >>> > "BoltWire" group. >> >>> > To post to this group, send email to [email protected]. >> >>> > To unsubscribe from this group, send email to >> >>> > [email protected]. >> >>> > For more options, visit this group at >> >>> > http://groups.google.com/group/boltwire?hl=en. >> >>> > >> >>> >> >>> -- >> >>> You received this message because you are subscribed to the Google >> >>> Groups >> >>> "BoltWire" group. >> >>> To post to this group, send email to [email protected]. >> >>> To unsubscribe from this group, send email to >> >>> [email protected]. >> >>> For more options, visit this group at >> >>> http://groups.google.com/group/boltwire?hl=en. >> >>> >> >> >> >> -- >> >> You received this message because you are subscribed to the Google >> >> Groups >> >> "BoltWire" group. >> >> To post to this group, send email to [email protected]. >> >> To unsubscribe from this group, send email to >> >> [email protected]. >> >> For more options, visit this group at >> >> http://groups.google.com/group/boltwire?hl=en. >> >> >> > >> > -- >> > You received this message because you are subscribed to the Google >> > Groups "BoltWire" group. >> > To post to this group, send email to [email protected]. >> > To unsubscribe from this group, send email to >> > [email protected]. >> > For more options, visit this group at >> > http://groups.google.com/group/boltwire?hl=en. >> > >> > >> >> -- >> You received this message because you are subscribed to the Google Groups >> "BoltWire" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/boltwire?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
