On 04/12/2018 02:08 PM, Yann Ylavic wrote:
> On Thu, Apr 12, 2018 at 1:46 PM, Eric Covener <cove...@gmail.com> wrote:
>> Here are a few options to silencing these scans/reports:
> [X] remove the URL's
> The URL is already in the address bar if any screenshot/report matters, IMHO.

>From an ops point of view:

You do not always have an address bar visible with the affected URL. Think of 
iframes or pop ups without address bars
and people are bad in providing the exact point of time when the issue happened 
and hence the access logs are a tedious
business here on a busy server as a source for determining the issue. So I am 
for re-encode the decoded URI so spaces
can't be used.
I don't like making admins life hard because of not so smart tools or people 
reporting to security :-)



Reply via email to