TWA 0502
"robots.txt lists what looks like an admin panel"
The robot instruction file robots.txt contains an entry which could point to an administration panel.
The robots.txt file controls the web crawlers of the standard search engines (e.g. Google, Bing). Disallowing the indexing of the administration panel is an obvious idea. But an attacker who scans the web site will read the content of the robots.txt file as well. So a Disallow entry for the administration panel is an assistance for the attacker to find the panel very quickly.
Constraint:
The twa script searches for the text part admin.
Hence, if this text part is not part of an administration panel URL, this message is a false warning.
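The following POSIX shell snippet is an added example, not the twa project's own code. It reproduces the substring check described above on a constructed robots.txt and shows both a real hit (/wp-admin/) and the false warning the constraint paragraph mentions (/badminton/ contains "admin" but is no administration panel). Matching both Allow and Disallow rules is an assumption of this example; the names admin_hints, admin_hint_count and SAMPLE_ROBOTS are hypothetical.

```shell
#!/usr/bin/env sh
# Added example, not the twa project's own code: reproduces the TWA 0502
# substring check on a constructed robots.txt so that a real hit and the
# false positive described on the wiki page can both be seen.

# Constructed sample, not taken from any real site. /badminton/ is included
# on purpose: it contains "admin" and triggers the warning although it is
# not an administration panel.
SAMPLE_ROBOTS='User-agent: *
Disallow: /wp-admin/
Disallow: /administrator/
Disallow: /badminton/
Disallow: /tmp/
Allow: /wp-admin/admin-ajax.php
Sitemap: https://example.com/sitemap.xml'

# Print every Allow/Disallow rule whose path contains "admin" (case-insensitive).
# Takes the robots.txt content as $1. Output is empty when nothing matches.
admin_hints() {
    printf '%s\n' "$1" \
        | grep -i -E '^[[:space:]]*(disallow|allow)[[:space:]]*:.*admin' || true
}

# Number of such rules; "0" means TWA 0502 would not fire for this file.
admin_hint_count() {
    admin_hints "$1" | grep -c . || true
}

# Stand-alone run: report the offending rules, each one indented for review.
if [ "$(admin_hint_count "$SAMPLE_ROBOTS")" -gt 0 ]; then
    echo "TWA 0502: robots.txt lists what looks like an admin panel:"
    admin_hints "$SAMPLE_ROBOTS" | sed 's/^/  /'
fi
```

Each reported rule still has to be reviewed by a person: the /badminton/ line is counted exactly like /wp-admin/, which is the false warning the constraint describes.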
Remove any hints to administration panels from the robots.txt file.
But use another way to keep the administration panels out of the web crawlers' indexes.
Never allow your administration panels to be found by a simple Google search.
Restrict the access to the administration panels, e.g. to the IP addresses of the web administrators' workstations.
Do not include links to the administration panels in the public pages of the web site.