PDA

View Full Version : 200 response



jossro
02-24-2007, 01:24 PM
I am trying to verify my site against a site security advisor and am getting the following message:

It appears that [my website here] is returning an HTTP 200 status response code in the header of 404 pages.
We cannot verify a Web site that is configured this way because it allows anyone to verify themselves as the owner of your site. Please update your Web site server configuration to return 404 status codes in the headers for pages that do not exist. Once your site is configured this way then you can return and request a file name verification.
Can anyone advise how to correct this?

Thanks
Jossro

jalal
02-25-2007, 12:13 PM
It looks like Apache is finding a page to return, instead of sending back an error. As to why that is happening it's hard to say without any further information.

One possibility, if this is a dynamic website, is that you have some PHP or mod_rewrite finding a default page in the case where an error would normally be found. I know Xaraya does that and possibly other systems do as well.

HTH

rolling
02-26-2007, 06:48 AM
If you want to find out what is happening, then you can try this yourself as detailed at http://www.apacheweek.com/features/http11

All you need to do is type
telnet yourdomain.com 80
Connected to yourdomain.com.
HEAD /nonexistantfile HTTP/1.0
and then press the return key twice.