首页 > Other > Apache URL重写防黑客攻击

Apache URL重写防黑客攻击

可以防止URL GET方法,对POST方法无效

RewriteEngine On

# proc/self/environ? 没门!

RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# 阻止脚本企图通过URL修改mosConfig值

RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# 阻止脚本通过URL传递的base64_encode垃圾信息

RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# 阻止在URL含有<script>标记的脚本

RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# 阻止企图通过URL设置PHP的GLOBALS变量的脚本

RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# 阻止企图通过URL设置PHP的_REQUEST变量的脚本

RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

# 把所有被阻止的请求转向到403禁止提示页面!

RewriteRule ^(.*)$ index.php [F,L]

分类:Other
  1. 还没有评论。
  1. No trackbacks yet.

发表评论

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s

%d 博主赞过: