On Sun, May 05, 2002 at 11:10:09PM +0200, Noam Rathaus wrote: > If this is valid, how come for example scanning a Webmin host, or one that > returns a 301 HTTP answer (Location:...) with not content, i.e. after > http_recv_headers() nothing will be left to receive, get a lot of false > positives? (Webmin responds with a 200 all the time). As I said : Only code 200 (and 302) are being looked for. So yes, servers which reply with a code 200 may produce false positive if the workaround of no404.nasl is not effective (see the mailing list archives about this for thousands of discussions about this). I'd be surprised to see a host which __always__ reply with a code 301 produce many false positives. -- Renaud
This archive was generated by hypermail 2b30 : Sun May 05 2002 - 13:23:07 PDT