Do search engines use Server Protocol 1.0 to crawl our website? | WordPress.org

Resolved icing
(@icing)

10 years, 7 months ago
Hi AIT

You are doing a great job by developing this plugin!

I came across this post on your forum- Protect Login Page from Brute Force Login Attacks
. I was wondering if the server protocol code block search engine crawlers such as Google and Bing.
```
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{THE_REQUEST} HTTP/1\.0
RewriteRule ^(.*)$ - [F,L]
```
How can I find out this info about the search bots?

http://wordpress.org/plugins/bulletproof-security/

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

Everything that is legitimate these days will be using Server Protocol HTTP/1.1. Server Protocol HTTP/1.0 was phased out around 1997-1999.

There are only 2 cases where I have seen something legitimate using HTTP/1.0.

1. Verisign OCSP – uses both HTTP/1.1 and HTTP/1.0 (as a fallback I think), but this is a non-issue.
1. Squid Proxy old versions – hackers/spammers/etc use the HTTP/1.0 older versions intentionally.

Thread Starter icing
(@icing)

10 years, 7 months ago

Thanks. So, from your reply, I can safely assume that Google crawler is using 1.1.

Another thing that struck me was that even if a legitimate crawler is using 1.0, it doesn’t need to request wp-login.php. It can just crawl the rest of the pages. Right?

Plugin Author AITpro
(@aitpro)

10 years, 7 months ago

Everything that is legitmate uses HTTP/1.1.
Anything that is using HTTP/1.0 is bad/malicious.

Yes, since the intended purpose of the code is to protect the login page this code applies the security filter to only the login page.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Do search engines use Server Protocol 1.0 to crawl our website?’ is closed to new replies.

Tags

In: Plugins
3 replies
2 participants
Last reply from: AITpro
Last activity: 10 years, 7 months ago
Status: resolved