[geeklog-devel] Blocking those inclusion attempts

Ramnath R Iyer casual.dodo at gmail.com
Sat Dec 15 07:52:36 EST 2007


On Saturday 15 December 2007 05:22:32 Dirk Haun wrote:

> Does anyone see a problem with a .htaccess rule like this?
>
> RewriteEngine On
> RewriteCond %{THE_REQUEST} http:
> RewriteRule .* - [L,F]
>
> This would block all requests that contain "http:" in the URL. It's
> aimed at the script kiddies' standard inclusion attempts, e.g.


Wouldn't this also block something like -

GET http://www.geeklog.net/forum/index.php HTTP/1.1

HTTP v1.1 allows complete URIs to be specified in the request line.

--
Ramnath R Iyer
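
Added example, not part of the original message or of Geeklog's code: a Python sketch that emulates the quoted RewriteCond over a few request lines to show the false positive raised above. The function names, the query-string-only check and every sample line except the one quoted in the message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def parse_request_line(line):
    """Split 'METHOD request-target HTTP/x.y' into its three parts."""
    method, target, version = line.strip().split(" ")
    return method, target, version

def original_rule_blocks(line):
    """Emulate RewriteCond %{THE_REQUEST} http: (unanchored, case-sensitive)."""
    return re.search(r"http:", line) is not None

def target_form(target):
    """Classify the request-target into the forms HTTP/1.1 allows."""
    if target == "*":
        return "asterisk"
    if target.startswith("/"):
        return "abs_path"
    if re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", target):
        return "absoluteURI"
    return "authority"

def narrowed_check_blocks(line):
    """Hypothetical narrower test: 'http:' in the query string only."""
    _, target, _ = parse_request_line(line)
    if target_form(target) not in ("abs_path", "absoluteURI"):
        return False
    return "http:" in urlsplit(target).query

# First line is the one quoted in the message; the rest are constructed.
SAMPLES = [
    "GET http://www.geeklog.net/forum/index.php HTTP/1.1",
    "GET /forum/index.php HTTP/1.1",
    "GET /index.php?page=http://example.com/x.txt HTTP/1.1",
    "GET http://www.geeklog.net/index.php?page=http://example.com/x.txt HTTP/1.1",
]

def compare(lines=SAMPLES):
    """Return (line, target form, original verdict, narrowed verdict)."""
    return [(l, target_form(parse_request_line(l)[1]),
             original_rule_blocks(l), narrowed_check_blocks(l)) for l in lines]

if __name__ == "__main__":
    for line, form, orig, narrow in compare():
        print(f"{form:12} original={orig!s:5} narrowed={narrow!s:5} {line}")
```
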