Hi, If this is valid, how come for example scanning a Webmin host, or one that returns a 301 HTTP answer (Location:...) with not content, i.e. after http_recv_headers() nothing will be left to receive, get a lot of false positives? (Webmin responds with a 200 all the time). Thanks Noam Rathaus http://www.BeyondSecurity.com http://www.SecuriTeam.com ----- Original Message ----- From: "Renaud Deraison" <deraisonat_private> To: "Nessus Mailing List" <nessusat_private>; "Nessus Plugins Writers" <plugins-writersat_private> Sent: Sunday, May 05, 2002 21:59 Subject: Re: no404 > On Sun, May 05, 2002 at 10:40:39PM +0200, Noam Rathaus wrote: > > Won't handle cases such as: > > 302 Found > > 400 Bad Request > > 401 Unauthorized > > 403 Forbidden > > 500 Internal Server Error > > 503 Service Unavailable > > Errr, it seems you're misinterpreting the code : > > - no404.nasl : > - We determine if the remote service replies with a code 200 > (or 301 [redirect]) when a bad request is made ; > > - www_funcs.nasl : > - Makes a request and expects a 200 error code, or works > around cases where a code 200 is replied when the file > does not exist > > > So I don't understand why you see that as a problem. This won't cause > false positives. > > > > -- Renaud > > >
This archive was generated by hypermail 2b30 : Sun May 05 2002 - 13:10:45 PDT