Rsnake on Detecting Cloaking in Apache

Rsnake is reporting that Apache Discloses information that could be used to detect cloakers:

Okay, but does that really help us? I mean, there’s no ETag at all right? Well, yes, and that’s the exact point. Because there is no ETag on in the header and there is for a confirmed normal file, you can tell that that page is dynamically created using mod_rewrite or a ScriptAlias. But now you’re asking, “What if you don’t know if it normally has the ETag at all, or more specifically what if the entire htdocs directory is dynamic?” How about trying a file that is always there and lives outside of the htdocs directory? The Apache logo that is included with the base install inside the /icons directory definitely qualifies.

Both comments and pings are currently closed.

4 Responses to “Rsnake on Detecting Cloaking in Apache”

  1. kloakit says:

    I don’t think the ETag header can be used reliably to flag cloaked pages, because it isn’t used widely enough. My tests with some Apache 1.3.33 servers show it isn’t being used there. I’ve checked around and use is fairly spotty. It just isn’t ubiquitous enough to rely on.

  2. scottj says:

    Even if the ETag header is being checked, it would be very easy to avoid. Simply make sure that NOTHING from your site is served with ETags…even those icons. You know, you can always delete the icons.

  3. sadgfh says:

    so why can’t we use random generated/rotated etags to bring indexers to pages?