[geeklog-devel] Blocking those inclusion attempts

Ramnath R Iyer casual.dodo at gmail.com
Sat Dec 15 07:52:36 EST 2007

On Saturday 15 December 2007 05:22:32 Dirk Haun wrote:
> Does anyone see a problem with a .htaccess rule like this?
>   RewriteEngine On
>   RewriteCond %{THE_REQUEST} http:
>   RewriteRule .* - [L,F]
> This would block all requests that contain "http:" in the URL. It's
> aimed at the script kiddies' standard inclusion attempts, e.g.

Wouldn't this also block something like -

GET http://www.geeklog.net/forum/index.php HTTP/1.1

HTTP v1.1 allows complete URIs to be specified in the request line.

Ramnath R Iyer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20071215/48d299a5/attachment.sig>

More information about the geeklog-devel mailing list