[geeklog-devel] Blocking those inclusion attempts
Ramnath R Iyer
casual.dodo at gmail.com
Sat Dec 15 07:52:36 EST 2007
On Saturday 15 December 2007 05:22:32 Dirk Haun wrote:
> Does anyone see a problem with a .htaccess rule like this?
>
> RewriteEngine On
> RewriteCond %{THE_REQUEST} http:
> RewriteRule .* - [L,F]
>
> This would block all requests that contain "http:" in the URL. It's
> aimed at the script kiddies' standard inclusion attempts, e.g.
Wouldn't this also block something like -
GET http://www.geeklog.net/forum/index.php HTTP/1.1
HTTP v1.1 allows complete URIs to be specified in the request line.
--
Ramnath R Iyer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20071215/48d299a5/attachment.sig>
More information about the geeklog-devel
mailing list