Posted By

j4kp07 on 07/09/10

Tagged

htaccess

Versions (?)

htaccess DENY incarnate query strings

/ Published in: Apache

URL: http://perishablepress.com/press/2008/09/15/evil-incarnate-but-easily-blocked/

block evil incarnate query strings

Expand | Embed | Plain Text

<ifmodule mod_rewrite.c>
 RewriteCond %{QUERY_STRING} \.\.\/    [NC,OR]
 RewriteRule .* -                      [F,L]
</ifmodule>
# block evil incarnate user agents
SetEnvIfNoCase User-Agent "shell_exec"  keep_out
SetEnvIfNoCase User-Agent "passthru"    keep_out
SetEnvIfNoCase User-Agent "function"    keep_out
<Limit GET POST>
 order allow,deny
 allow from all
 deny from env=keep_out
</Limit>

Report this snippet Tweet

Comment:

You need to login to post a comment.

Posted By

Tagged

Versions (?)

htaccess DENY incarnate query strings

Related snippets

Choose a language for easy browsing: