OSSEC rule to ignore the msn/bing bot
Posted in ossec, security on March 8th, 2010 by fseek – Be the first to commentYou know, the MSN (Bing/Live) crawler is a strange bot. It keeps trying to access inexistent files on my server, generating a bunch of 404’s.
OSSEC, being smart as it is, goes ahead and blocks them with its “Web-based file scanning’ alert. OSSEC is doing its part, but I don’t want to block MSN/BING (even though it likes to crawl invalid pages).
The solution? This simple rule:
<rule id="100308" level="0"> <if_sid>31101</if_sid> <id>404</id> <description>Ignoring msn bot.</description> <srcip>65.55.0.0/16</srcip> <match> "msnbot</match> </rule> <rule id="100310" level="0"> <if_sid>31101</if_sid> <id>404</id> <description>Ignoring msn bot.</description> <srcip>207.46.0.0/16</srcip> <match> "msnbot</match> </rule>
No more alerts for it…
