I discovered the Ingrian reverse proxy yesterday.
On its administration port, it always redirects to the login page. So
Nessus generates kazillons of false positive because it does not
recognize it.
This patch adds:
1. "Management Console", which appears in the title of the proxy login
page.
2. An "security note" if we were unable to find a way to recognize the
page that replaced the 404 message.
However, I am not sure that (1) is very wise... In fact, this just
disables all the CGI tests. Maybe the note should be clearer when we
are redirected to a login page: no404.nasl reduces the risks of false
positive, but unfortunately, we rise the chance of false negative
because there is no way to test anything until we are authenticated.
Comments?
On its administration port, it always redirects to the login page. So
Nessus generates kazillons of false positive because it does not
recognize it.
This patch adds:
1. "Management Console", which appears in the title of the proxy login
page.
2. An "security note" if we were unable to find a way to recognize the
page that replaced the 404 message.
However, I am not sure that (1) is very wise... In fact, this just
disables all the CGI tests. Maybe the note should be clearer when we
are redirected to a login page: no404.nasl reduces the risks of false
positive, but unfortunately, we rise the chance of false negative
because there is no way to test anything until we are authenticated.
Comments?
Attached Files:
-
01-part (1.04 KB)