Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Axel Wers Posted September 16, 2007 Posted September 16, 2007 I found one article about block exploit attempts. Can I use this in my .htaccess without damage of my forum?########## Begin - Rewrite rules to block out some common exploits # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits
bfarber Posted September 17, 2007 Posted September 17, 2007 You can use it, but these methods of attack are relatively archaic and would have no effect on IPB anyways.
Axel Wers Posted September 17, 2007 Posted September 17, 2007 these methods of attack are relatively archaic and would have no effect on IPB anyways. Thanks, that's it what I needed to know :)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.