28 Jan 23:52
Help required: How to forbid inclusion attacks?
Michael Heuberger <michael.heuberger <at> binarykitchen.com>
2010-01-28 22:52:12 GMT
Hi,

I tried the following rule:

    SecFilterSelective REQUEST_URI "\=(http|ftp|https)\:/" "msg:'Inclusion attacks not allowed'"

But somehow it doesn't work. I want to filter out URLs like "http://www.deafzone.ch/?id=http://www.sun-angel.ru//js/gid.gif"

Any inclusion attack beginning with "=http:" or "=ftp:" or "=https:" should be filtered out with the above rule. Maybe I did something wrong?

Thank you for your help
Michael H.
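Added example, not part of the original post: a Python check of the pattern quoted in the rule against the sample URL, next to a per-parameter test that decodes percent-encoding before matching. Python's `re` stands in for the server's regex engine here, and the function names and the second and third sample URIs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pattern copied verbatim from the rule in the post.
POSTED_PATTERN = re.compile(r"\=(http|ftp|https)\:/")

# Assumption for this example: a query parameter whose decoded value
# starts with an http, https or ftp URL is what the filter should flag.
SCHEME_VALUE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)


def posted_pattern_matches(request_uri):
    """True if the pattern from the post matches the raw request URI."""
    return POSTED_PATTERN.search(request_uri) is not None


def remote_url_params(request_uri):
    """Names of query parameters whose decoded value starts with a URL scheme."""
    query = urlsplit(request_uri).query
    flagged = []
    # parse_qsl percent-decodes names and values, so the check sees the
    # same value the application would receive.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SCHEME_VALUE.match(value):
            flagged.append(name)
    return flagged


# Sample from the post, plus two constructed request URIs.
SAMPLE_FROM_POST = "http://www.deafzone.ch/?id=http://www.sun-angel.ru//js/gid.gif"
SAMPLE_ENCODED = "/?id=HTTP%3A%2F%2Fexample.invalid%2Fx.gif"   # constructed
SAMPLE_BENIGN = "/?page=about&ref=42"                          # constructed

if __name__ == "__main__":
    for uri in (SAMPLE_FROM_POST, SAMPLE_ENCODED, SAMPLE_BENIGN):
        print(uri, posted_pattern_matches(uri), remote_url_params(uri))
```

The posted pattern does match the sample URL as a plain regular expression; it misses the same kind of value once the scheme is upper-cased or percent-encoded, which the per-parameter check still flags.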