
How to create a .htaccess rewrite rule (or modsec) to stop a vulnerable script?

Posted by mrzippy, 10-28-2014, 01:40 PM
Hello, I need to create a new .htaccess rewrite rule (or modsec) that will stop a vulnerable script for one of our customers. (For a variety of reasons, they aren't able to fix their script within a reasonable time-frame, so they have asked if there's anything we can do to stop the hackers.)

Their software uses the following format for their URLs:

http:// domain.com/script.cgi?view=999&lang=en

The "view=999" is always numbers and will never be anything more than one to three numbers long. The "&lang=en" is optional, but it should never be anything else since the customer's site is in English only. (So anything after the "view=999" part could actually be removed from the URL by the rewrite since it isn't necessary.)

Is it possible to redirect or block incoming URLs that do not conform to those requirements? e.g. if the "view=999" part has more than three numbers, or has any letters or symbols between the "=" and "&" characters?

So these would be valid URLs:

http:// domain.com/script.cgi?view=12&lang=en
http:// domain.com/script.cgi?view=123&lang=en
http:// domain.com/script.cgi?view=1

And these would be invalid URLs:

http:// domain.com/script.cgi?view=1a&lang=en
http:// domain.com/script.cgi?view=1111&lang=en
http:// domain.com/script.cgi?view=%111%

I hope that all makes sense? Any ideas how to do this? (The only part I've been able to figure out is how to drop the "&lang=en" part if it exists...)

Last edited by mrzippy; 10-28-2014 at 01:51 PM.

Posted by ryanknowshosting, 10-28-2014, 02:46 PM
Here is a pretty useful topic on the subject. Hope it helps solve this! stackoverflow.com/questions/8236341/blocking-bad-requests-with-htaccess-file

Posted by mrzippy, 10-28-2014, 06:41 PM
I've tried to get this working, but so far no success. Here is what I have so far: Anyone know how to make this do what I need? Thanks!
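A mod_rewrite rule set that enforces the URL shape described in the opening post (view= is 1 to 3 digits, optionally followed by exactly &lang=en, nothing else). This is an added example written for this thread, not code posted by anyone in it; it assumes the script lives at /script.cgi in the directory holding the .htaccess file, that AllowOverride permits mod_rewrite there, and that a bare /script.cgi with no query string should still be allowed.

```apache
# Virtual patch for the vulnerable script.cgi (assumed path: this directory).
# Whitelist the only query-string shapes the application uses; 403 the rest.
RewriteEngine On

# 1. Block any request to script.cgi whose query string is not exactly
#    "view=<1-3 digits>" optionally followed by "&lang=en".
#    %{QUERY_STRING} is the raw, undecoded string, so "view=1a",
#    "view=1111" and "view=%111%" all fail the match and get a 403.
#    The ^ and $ anchors are what stop extra parameters or trailing
#    characters from sneaking past the digit check.
#    Assumption: an empty query string (plain /script.cgi) is allowed;
#    remove the outer "( ... )?" if the script always needs view=.
RewriteCond %{QUERY_STRING} !^(view=[0-9]{1,3}(&lang=en)?)?$
RewriteRule ^script\.cgi$ - [F]

# 2. Optional: strip the redundant "&lang=en" so the script only ever
#    sees "view=NNN". %1 is the group captured by the RewriteCond below.
#    After the internal rewrite the query no longer ends in &lang=en,
#    so this rule does not fire again on the re-processed request.
RewriteCond %{QUERY_STRING} ^(view=[0-9]{1,3})&lang=en$
RewriteRule ^script\.cgi$ script.cgi?%1 [L]
```

Because the match is done on the raw query string, URL-encoded digits (e.g. view=%31) are also rejected; that is stricter than the stated requirement but safe for a site whose links always emit plain digits. Check the Apache error/access logs for 403s on script.cgi after deploying to confirm legitimate traffic is not being caught.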


