Axel Wers Posted September 16, 2007 Share Posted September 16, 2007 I found one article about block exploit attempts. Can I use this in my .htaccess without damage of my forum?########## Begin - Rewrite rules to block out some common exploits # # Block out any script trying to set a mosConfig value through the URL RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits Link to comment Share on other sites More sharing options...
bfarber Posted September 17, 2007 Share Posted September 17, 2007 You can use it, but these methods of attack are relatively archaic and would have no effect on IPB anyways. Link to comment Share on other sites More sharing options...
Axel Wers Posted September 17, 2007 Share Posted September 17, 2007 these methods of attack are relatively archaic and would have no effect on IPB anyways. Thanks, that's it what I needed to know :) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.