Block Javascript Injections

This is not a complete solution to protect against these kinds of attacks, but it will get us started.

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]  

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]  

# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]  

# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})  

# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule   ^(.*)$ http://www.jonathonbyrd.com/   [F,L]


Leave a Reply

Enter Your Comment:

Contact Jon





submit

Member Login


Open Source Donations

I try to do as much open source development as possible, but I still need to pay the bills.

Sitemap

Copyright 2009, All Rights Reserved. Byrd Inc.