Correct, the old option will be available by setting to false, but the default will change.
Cheers, Dan On Wed, Jan 26, 2011 at 1:14 AM, Markus Weimar <[email protected]> wrote: > Yes, thanks. Just wanted to make sure that the option will not be > dropped. But after reading Dan's answer a second time, it probably > never sounded like he was going to... :) > > Regards, > Markus > > On Wed, Jan 26, 2011 at 8:03 AM, Kevin <[email protected]> wrote: >> To activate it you need to add >> >> serverHeaders: true >> >> in site.config >> >> Without that or set to false, it would be the original behavior. >> >> >> On Tue, Jan 25, 2011 at 11:59 PM, Markus Weimar >> <[email protected]> wrote: >>> >>> I'm very glad about this decision. Does it make sense to make the old >>> behavior optional, maybe for intranet use? Currently, I don't need >>> this. Just a thought. >>> >>> Regards, >>> Markus >>> >>> On Wed, Jan 26, 2011 at 12:17 AM, The Editor <[email protected]> wrote: >>> > This makes sense. I'll fix the bug and change the default. >>> > >>> > Cheers, >>> > Dan >>> > >>> > >>> > On Tue, Jan 25, 2011 at 4:09 PM, Kevin <[email protected]> wrote: >>> >> I can't really speak for others, but for me, I want the visitor, more >>> >> often >>> >> than not a search engine to know that what they are looking for does >>> >> not >>> >> exist. I have a number of very old sites which have thousands of hits >>> >> to >>> >> them for content that simply doesn't exist anymore and/or has been >>> >> reformatted completely different. The current default it telling the >>> >> search >>> >> engine, they found it, when in fact they didn't so they keep updating >>> >> their >>> >> engine result as if there really was content there. >>> >> >>> >> There is a bit of a security aspect too... I'm sure we all have seen >>> >> attempts to see if some particular package is installed on your site in >>> >> a >>> >> string of tests that hit all at once, Those bots typically collect the >>> >> results and come back later to try to exploit them. With even bad hits >>> >> showing up with 200 codes, it makes it look like you have all that >>> >> stuff >>> >> when you may have none of it. >>> >> >>> >> Last thing you need is to have some bot then hitting your site with >>> >> tons of >>> >> exploit attempts clogging up your traffic, logs etc.. >>> >> >>> >> Up until now, they all were reported as 200 Ok... example this >>> >> morning... >>> >> >>> >> 94.63.246.3 "GET //admin/mysql/scripts/setup.php HTTP/1.1" 200 4484 >>> >> 94.63.246.3 "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 200 >>> >> 4487 >>> >> 94.63.246.3 "GET //admin/pma/scripts/setup.php HTTP/1.1" 200 4483 >>> >> 94.63.246.3 "GET //admin/scripts/setup.php HTTP/1.1" 200 4473 >>> >> 94.63.246.3 "GET //controls/ps3-dbadmin/scripts/setup.php HTTP/1.1" 200 >>> >> 4491 >>> >> 94.63.246.3 "GET //db/scripts/setup.php HTTP/1.1" 200 4471 >>> >> 94.63.246.3 "GET //dbadmin/scripts/setup.php HTTP/1.1" 200 4475 >>> >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 >>> >> 94.63.246.3 "GET //myadmin/scripts/setup.php HTTP/1.1" 200 4474 >>> >> 94.63.246.3 "GET //mysql-admin/scripts/setup.php HTTP/1.1" 200 4477 >>> >> 94.63.246.3 "GET //mysql/scripts/setup.php HTTP/1.1" 200 4474 >>> >> 94.63.246.3 "GET //mysqladmin/scripts/setup.php HTTP/1.1" 200 4477 >>> >> 94.63.246.3 "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 200 4479 >>> >> 94.63.246.3 "GET //p/m/a/scripts/setup.php HTTP/1.1" 200 4482 >>> >> 94.63.246.3 "GET //php-my-admin/scripts/setup.php HTTP/1.1" 200 4479 >>> >> 94.63.246.3 "GET //php-myadmin/scripts/setup.php HTTP/1.1" 200 4478 >>> >> 94.63.246.3 "GET //phpm/scripts/setup.php HTTP/1.1" 200 4473 >>> >> 94.63.246.3 "GET //phpmanager/scripts/setup.php HTTP/1.1" 200 4477 >>> >> 94.63.246.3 "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 200 4478 >>> >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 >>> >> 94.63.246.3 "GET //phpMyA/scripts/setup.php HTTP/1.1" 200 4479 >>> >> 94.63.246.3 "GET //phpmyad-sys/scripts/setup.php HTTP/1.1" 200 4478 >>> >> 94.63.246.3 "GET //phpmyad/scripts/setup.php HTTP/1.1" 200 4476 >>> >> 94.63.246.3 "GET //phpMyAdmi/scripts/setup.php HTTP/1.1" 200 4481 >>> >> 94.63.246.3 "GET //phpMyAdmin-2.10.0/scripts/setup.php HTTP/1.1" 200 >>> >> 4505 >>> >> 94.63.246.3 "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 200 4485 >>> >> 94.63.246.3 "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 >>> >> 94.63.246.3 "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 200 4480 >>> >> 94.63.246.3 "GET //phpMyAdmin2/scripts/setup.php HTTP/1.1" 200 4482 >>> >> 94.63.246.3 "GET //phpMyAds/scripts/setup.php HTTP/1.1" 200 4481 >>> >> 94.63.246.3 "GET //PMA/scripts/setup.php HTTP/1.1" 200 4475 >>> >> 94.63.246.3 "GET //PMA2005/scripts/setup.php HTTP/1.1" 200 4479 >>> >> 94.63.246.3 "GET //pma2005/scripts/setup.php HTTP/1.1" 200 4476 >>> >> 94.63.246.3 "GET //sqlmanager/scripts/setup.php HTTP/1.1" 200 4475 >>> >> 94.63.246.3 "GET //sqlweb/scripts/setup.php HTTP/1.1" 200 4474 >>> >> 94.63.246.3 "GET //vhcs2/tools/pma/scripts/setup.php HTTP/1.1" 200 4495 >>> >> 94.63.246.3 "GET //vhcs/tools/pma/scripts/setup.php HTTP/1.1" 200 4493 >>> >> 94.63.246.3 "GET //tools/pma/scripts/setup.php HTTP/1.1" 200 4483 >>> >> 94.63.246.3 "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 4492 >>> >> 94.63.246.3 "GET //webadmin/scripts/setup.php HTTP/1.1" 200 4475 >>> >> 94.63.246.3 "GET //webdb/scripts/setup.php HTTP/1.1" 200 4474 >>> >> 94.63.246.3 "GET //websql/scripts/setup.php HTTP/1.1" 200 4476 >>> >> 94.63.246.3 "GET //xampp/phpMyAdmin/scripts/setup.php HTTP/1.1" 200 >>> >> 4494 >>> >> 94.63.246.3 "GET //phpmy/scripts/setup.php HTTP/1.1" 200 4475 >>> >> >>> >> That bot (now blocked) thinks I've got all those goodies to play with >>> >> when >>> >> none of them are there or at least not setup in that fashion >>> >> >>> >> I have been updating all my sites to use it. >>> >> >>> >> On Tue, Jan 25, 2011 at 2:58 PM, The Editor <[email protected]> wrote: >>> >>> >>> >>> Looks like you are right Kevin. I will fix that along with a couple >>> >>> other things and put out a new release soon. :) >>> >>> >>> >>> Just out of curiosity, should the default behavior be to use these >>> >>> server headers or not? >>> >>> >>> >>> Cheers, >>> >>> Dan >>> >>> >>> >>> >>> >>> On Tue, Jan 25, 2011 at 12:53 PM, Kevin <[email protected]> >>> >>> wrote: >>> >>> > Is this the right syntax? >>> >>> > >>> >>> > if (BOLTconfig('serverHeaders') == 'true') >>> >>> > >>> >>> > Seems that other things that look at BOLTconfig are using something >>> >>> > like: >>> >>> > >>> >>> > BOLTconfig('BOLTautoLines', 'true'); >>> >>> > >>> >>> > Where the item being look for is preceded with BOLT >>> >>> > >>> >>> > Changing lines in engine.php seem to make it work.. >>> >>> > >>> >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 404 >>> >>> > Not >>> >>> > Found'); >>> >>> > >>> >>> > and >>> >>> > >>> >>> > if (BOLTconfig('BOLTserverHeaders') == 'true') header('HTTP/1.1 403 >>> >>> > Forbidden'); >>> >>> > >>> >>> > On Tue, Jan 25, 2011 at 11:34 AM, Kevin <[email protected]> >>> >>> > wrote: >>> >>> >> >>> >>> >> Dan, did you get a chance to see why this didn't work? >>> >>> >> >>> >>> >> I added serverHeaders: true and it made no difference. I tried >>> >>> >> the >>> >>> >> same >>> >>> >> on a few others with the same results. >>> >>> >> >>> >>> >> They return HTTP/1.1 200 OK >>> >>> >> Regardless of what page I hit, existing or not. >>> >>> >> >>> >>> >> I see where the code is in engine.php, but I've not tried to setup >>> >>> >> some >>> >>> >> sort of test to see if it is triggering or not. >>> >>> >> >>> >>> >> These are all 3.4.14. >>> >>> >> >>> >>> >> On Sun, Jan 23, 2011 at 7:38 PM, Kevin <[email protected]> >>> >>> >> wrote: >>> >>> >>> >>> >>> >>> Tried that and it didn't seem to make a change. Still outputs a >>> >>> >>> 200 >>> >>> >>> code. >>> >>> >>> >>> >>> >>> On Sun, Jan 23, 2011 at 7:22 PM, The Editor <[email protected]> >>> >>> >>> wrote: >>> >>> >>>> >>> >>> >>>> Try putting serverHeaders: true in site.config and see if that >>> >>> >>>> works. >>> >>> >>>> >>> >>> >>>> We could make it the default easily enough. I'm open to arguments >>> >>> >>>> for >>> >>> >>>> the pro's con's. >>> >>> >>>> >>> >>> >>>> Cheers, >>> >>> >>>> Dan >>> >>> >>>> >>> >>> >>>> >>> >>> >>>> On Sun, Jan 23, 2011 at 7:56 PM, Kevin <[email protected]> >>> >>> >>>> wrote: >>> >>> >>>> > I've noticed lots of hits for an older site from search engines >>> >>> >>>> > for >>> >>> >>>> > content >>> >>> >>>> > that simply does not and should not exist. currently that >>> >>> >>>> > triggers >>> >>> >>>> > the >>> >>> >>>> > action.missing page which from the logs shows it is return code >>> >>> >>>> > of >>> >>> >>>> > 200. >>> >>> >>>> > >>> >>> >>>> > Is there a way to get action.missing to issue a 404 code? >>> >>> >>>> > >>> >>> >>>> > Example log entry: >>> >>> >>>> > >>> >>> >>>> > ycar8.mobile.re3.yahoo.com - - [23/Jan/2011:19:23:42 -0500] >>> >>> >>>> > "GET >>> >>> >>>> > /greyhound.htm HTTP/1.1" 200 14435 "-" "YahooCacheSystem" >>> >>> >>>> > >>> >>> >>>> > I saw a posting titled "Reporting 404 messages to error logs" >>> >>> >>>> > which >>> >>> >>>> > someone >>> >>> >>>> > was modifying the library.php but your reply indicated you had >>> >>> >>>> > already >>> >>> >>>> > added >>> >>> >>>> > hooks to do this. >>> >>> >>>> > >>> >>> >>>> > Perhaps this should be a default ?? >>> >>> >>>> > >>> >>> >>>> > -- >>> >>> >>>> > You received this message because you are subscribed to the >>> >>> >>>> > Google >>> >>> >>>> > Groups >>> >>> >>>> > "BoltWire" group. >>> >>> >>>> > To post to this group, send email to [email protected]. >>> >>> >>>> > To unsubscribe from this group, send email to >>> >>> >>>> > [email protected]. >>> >>> >>>> > For more options, visit this group at >>> >>> >>>> > http://groups.google.com/group/boltwire?hl=en. >>> >>> >>>> > >>> >>> >>>> >>> >>> >>>> -- >>> >>> >>>> You received this message because you are subscribed to the >>> >>> >>>> Google >>> >>> >>>> Groups "BoltWire" group. >>> >>> >>>> To post to this group, send email to [email protected]. >>> >>> >>>> To unsubscribe from this group, send email to >>> >>> >>>> [email protected]. >>> >>> >>>> For more options, visit this group at >>> >>> >>>> http://groups.google.com/group/boltwire?hl=en. >>> >>> >>>> >>> >>> >>> >>> >>> >> >>> >>> > >>> >>> > -- >>> >>> > You received this message because you are subscribed to the Google >>> >>> > Groups >>> >>> > "BoltWire" group. >>> >>> > To post to this group, send email to [email protected]. >>> >>> > To unsubscribe from this group, send email to >>> >>> > [email protected]. >>> >>> > For more options, visit this group at >>> >>> > http://groups.google.com/group/boltwire?hl=en. >>> >>> > >>> >>> >>> >>> -- >>> >>> You received this message because you are subscribed to the Google >>> >>> Groups >>> >>> "BoltWire" group. >>> >>> To post to this group, send email to [email protected]. >>> >>> To unsubscribe from this group, send email to >>> >>> [email protected]. >>> >>> For more options, visit this group at >>> >>> http://groups.google.com/group/boltwire?hl=en. >>> >>> >>> >> >>> >> -- >>> >> You received this message because you are subscribed to the Google >>> >> Groups >>> >> "BoltWire" group. >>> >> To post to this group, send email to [email protected]. >>> >> To unsubscribe from this group, send email to >>> >> [email protected]. >>> >> For more options, visit this group at >>> >> http://groups.google.com/group/boltwire?hl=en. >>> >> >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> > Groups "BoltWire" group. >>> > To post to this group, send email to [email protected]. >>> > To unsubscribe from this group, send email to >>> > [email protected]. >>> > For more options, visit this group at >>> > http://groups.google.com/group/boltwire?hl=en. >>> > >>> > >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "BoltWire" group. >>> To post to this group, send email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/boltwire?hl=en. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "BoltWire" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/boltwire?hl=en. >> > > -- > You received this message because you are subscribed to the Google Groups > "BoltWire" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/boltwire?hl=en. > > -- You received this message because you are subscribed to the Google Groups "BoltWire" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/boltwire?hl=en.
