Blog Protection against Script Injection

Valic —  May 2, 2011 — Leave a comment

This the solution that I found against Script Injection:

First of all, backup file. htaccess.

Then paste the code below in .htaccess:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

What is the code doing?

Check if the application contains <script> and if someone try to change the variable values  GLOBALS and  _REQUEST variables.

If this happens, then the browser is closed and the 403 error is returned.

I hope this is usefull. Enjoy


Posts Twitter Facebook

Editor in Chief at Debian-Tutorials, Linux enthusiast.

No Comments

Be the first to start the conversation.

Leave a Reply