I noticed that NoScript gives a suspicious request notice when a form of a site is accessed from the spider's cache:
[NoScript XSS] Sanitized suspicious request referer. URL [http://www.example.com/test.htm (REF: http://209.85.229.132/search?q=cache:zn ... k&ie=UTF-8)] requested from [http://209.85.229.132/search?q=cache:zn ... k&ie=UTF-8]. Sanitized Referrer: [http://209.85.229.132/search?q=cache%20 ... k&ie=UTF-8].
[NoScript XSS] Sanitized suspicious upload to [http://www.example.com/test.htm] from [http://209.85.229.132/search?q=cache:zn ... k&ie=UTF-8]: transformed into a download-only GET request.
The real URL has been replaced with example.com and the script with test.htm. The notice is against the spider's cache. And there is nothing malicious on the site either.
Also, just because I block the UA on my FF doesn't mean I am a bot.
false alarms
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11
- Giorgio Maone
- Site Admin
Re: false alarms
That's expected if you don't have http://209.85.229.132 in your whitelist but "example.com" is trusted.
POST requests from untrusted to trusted sites are stripped of their payload.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
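The rule described in the reply above, as an added example that is not part of the thread and is not NoScript's own code: a simplified JavaScript model of stripping the payload from a POST that goes from an untrusted origin to a trusted site. The whitelist format, the host matching, the names `isTrusted` and `filterRequest`, and the sample requests are assumptions made for illustration.

```javascript
// Simplified model of the rule stated in the reply; not NoScript's implementation.
// Whitelist format and host matching are assumptions.

// True if host equals a whitelist entry or is a subdomain of one.
function isTrusted(host, whitelist) {
  return whitelist.some((entry) => host === entry || host.endsWith("." + entry));
}

// Returns the request that would actually be sent, plus a notice if it was changed.
function filterRequest(req, whitelist) {
  const method = req.method.toUpperCase();
  const targetHost = new URL(req.url).hostname;
  // No referrer (typed URL, bookmark): there is no origin to compare against.
  if (!req.referrer) return { ...req, method, notice: null };
  const originHost = new URL(req.referrer).hostname;

  const crossSite = originHost !== targetHost;
  const untrustedToTrusted =
    crossSite && !isTrusted(originHost, whitelist) && isTrusted(targetHost, whitelist);

  if (method === "POST" && untrustedToTrusted) {
    // Drop the payload and downgrade to a download-only GET.
    return {
      method: "GET",
      url: req.url,
      referrer: req.referrer,
      body: null,
      notice: `Sanitized suspicious upload to [${req.url}] from [${req.referrer}]`,
    };
  }
  return { ...req, method, notice: null };
}

// Constructed sample mirroring the thread: a cached copy served from an IP host
// submits a form to a whitelisted site.
const whitelist = ["example.com"];
const fromCache = {
  method: "POST",
  url: "http://www.example.com/test.htm",
  referrer: "http://209.85.229.132/search?q=cache:constructed",
  body: "name=alice&comment=hello",
};
const sameSite = { ...fromCache, referrer: "http://www.example.com/form.htm" };
const cacheTrusted = filterRequest(fromCache, ["example.com", "209.85.229.132"]);

console.log(filterRequest(fromCache, whitelist)); // payload stripped, notice set
console.log(filterRequest(sameSite, whitelist).method, cacheTrusted.method);
```

With the cache host added to the whitelist, the same form submission goes through unchanged, which matches the condition given in the reply.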
Re: false alarms
Ok, thanks for the clarification Giorgio, this explains it.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.11) Gecko/2009060215 Firefox/3.0.11