[geeklog-devel] Blocking those inclusion attempts
Dirk Haun
dirk at haun-online.de
Sat Dec 15 12:17:31 EST 2007
Ramnath R Iyer wrote:
>I think you would want something like:
>
>^.+http:
>
>Starts with one or more characters, and is followed by http:
Looks good, thanks. You only need to use QUERY_STRING then, since
THE_REQUEST contains the entire request, including the GET. So:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^.+http:
RewriteRule .* - [L,F]
That seems to work as expected and shouldn't block requests with
complete URIs any more (I've removed those .htaccess rules).
It's up on geeklog.net now. Let me know if anyone is running into
problems with unexpected "Access denied" messages.
bye, Dirk
--
http://www.haun-online.de/
http://geeklog.info/
More information about the geeklog-devel
mailing list