Basic SQL Injection protection by RewriteRule
Here what I ended up with:
RewriteEngine on
RewriteRule .*NVARCHAR.* /security-violation.htm [NC]
RewriteRule .*DECLARE.* /security-violation.htm [NC]
#RewriteRule .*INSERT.* /security-violation.htm [NC]
RewriteRule .*xp_.* /security-violation.htm [NC]
RewriteRule .*@.* /security-violation.htm [NC]
#RewriteRule .*';* /security-violation.htm [NC]
RewriteRule .*EXEC\(@.* /security-violation.htm [NC]
RewriteRule .*sp_password.* /security-violation.htm [NC]
RewriteCond %{QUERY_STRING} .*sp_password.* [NC]
RewriteRule .* /security-violation.htm
RewriteCond %{QUERY_STRING} .*CAST\(.* [NC]
RewriteRule .* /security-violation.htm
RewriteCond %{QUERY_STRING} .*EXEC\(@.* [NC]
RewriteRule .* /security-violation.htm
RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
RewriteRule .* /security-violation.htm
#run it over to our dynamic file (coldfusion in this case)
RewriteRule /security-violation.htm /security-violation.cfm [P,L]
RewriteRule .*NVARCHAR.* /security-violation.htm [NC]
RewriteRule .*DECLARE.* /security-violation.htm [NC]
#RewriteRule .*INSERT.* /security-violation.htm [NC]
RewriteRule .*xp_.* /security-violation.htm [NC]
RewriteRule .*@.* /security-violation.htm [NC]
#RewriteRule .*';* /security-violation.htm [NC]
RewriteRule .*EXEC\(@.* /security-violation.htm [NC]
RewriteRule .*sp_password.* /security-violation.htm [NC]
RewriteCond %{QUERY_STRING} .*sp_password.* [NC]
RewriteRule .* /security-violation.htm
RewriteCond %{QUERY_STRING} .*CAST\(.* [NC]
RewriteRule .* /security-violation.htm
RewriteCond %{QUERY_STRING} .*EXEC\(@.* [NC]
RewriteRule .* /security-violation.htm
RewriteCond %{QUERY_STRING} .*DECLARE.* [NC]
RewriteRule .* /security-violation.htm
#run it over to our dynamic file (coldfusion in this case)
RewriteRule /security-violation.htm /security-violation.cfm [P,L]
There are no comments for this entry.
[Add Comment] [Subscribe to Comments]