On 04/12/2018 02:08 PM, Yann Ylavic wrote: > On Thu, Apr 12, 2018 at 1:46 PM, Eric Covener <[email protected]> wrote: >> >> Here are a few options to silencing these scans/reports: >> > [X] remove the URL's > > The URL is already in the address bar if any screenshot/report matters, IMHO. >
>From an ops point of view: You do not always have an address bar visible with the affected URL. Think of iframes or pop ups without address bars and people are bad in providing the exact point of time when the issue happened and hence the access logs are a tedious business here on a busy server as a source for determining the issue. So I am for re-encode the decoded URI so spaces can't be used. I don't like making admins life hard because of not so smart tools or people reporting to security :-) Regards RĂ¼diger
