google smashing

I have never been a fan of having robots crawl my sites. Something very wrong
about that concept. SO, I used a simple feature in the most recent mod_security.

I applied this rule as a custom rule and within minutes it hit.
Despite dozens of daily incursions, Googlebot has not returned since.
Judging by the fast response I think my message was very clear. STOP.

# This rule sends googlebot on a mission.
SecContentInjection On
SecDefaultAction "log,pass,phase:2,t:none"
SecRule RESPONSE_CONTENT_TYPE "^text/html"
SecRule REQUEST_HEADERS:User-Agent "Mozilla.*Googlebot"
log,redirect:http://www.doubleclick.net

Additionally I use the same method for Windows users infected with
FunWebProducts Spyware but instead I send them to get help.

# send users with funwebproducts infection away to clean it up
SecContentInjection On
SecDefaultAction "log,pass,phase:2,t:none"
SecRule RESPONSE_CONTENT_TYPE "^text/html"
SecRule REQUEST_HEADERS:User-Agent "Mozilla.*FunWebProducts"
log,redirect:http://www.liamdelahunty.com/tips/fun_web_products.php

I am not sure I actually did all this correctly, but they work ok.
I love my Mod_Security a lot and the latest goodies are sooo cool.

Many Thanks to the authors. My hero's.

Marty B

--

-- 
Building a better mousetrap only results in better mice. C. Darwin

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users