Active TopicsActive Topics  Display List of Forum MembersMemberlist  HelpHelp   RegisterRegister  LoginLogin
ISAPI_Rewrite 3.0 support forum
 Helicon Tech : ISAPI_Rewrite 3.0 support forum
Subject Topic: Convert SQL injection 2.x rules to 3.x? Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
jasolution
Newbie
Newbie


Joined: 27 March 2004
Location: United States
Online Status: Offline
Posts: 13
Posted: 25 July 2008 at 6:54am | IP Logged Quote jasolution
In this thread are the following rules for v2.x:


What is the proper syntax for v3.x?

RewriteRule .*DECLARE.* /security-violation.htm
RewriteRule .*NVARCHAR.* /security-violation.htm
RewriteRule .*INSERT .* /security-violation.htm
RewriteRule .*INSERT %20.* /security-violation.htm
RewriteRule .* xp_.* /security-violation.htm
RewriteRule .*%20xp_.* /security-violation.htm
RewriteRule .*%20@.* /security-violation.htm
RewriteRule .* @.* /security-violation.htm
RewriteRule .*@%20.* /security-violation.htm
RewriteRule .*@ .* /security-violation.htm
RewriteRule .*';* /security-violation.htm
RewriteRule .*EXEC\(@.* /security-violation.htm
RewriteRule .*sp_password.* /security-violation.htm
RewriteRule /security-violation.htm /security.asp [I,L]

After importing into 3.0, I get these "Unknown Expression" errors:


RewriteRule ^.*DECLARE.*$ /security-violation.htm [NC]
RewriteRule ^.*NVARCHAR.*$ /security-violation.htm [NC]
# # Line 22: (Unknown expression)     RewriteRule .*INSERT .* /security-violation.htm
# # Line 23: (Unknown expression)     RewriteRule .*INSERT %20.* /security-violation.htm
# # Line 24: (Unknown expression)     RewriteRule .* xp_.* /security-violation.htm
RewriteRule ^.*%20xp_.*$ /security-violation.htm [NC]
RewriteRule ^.*%20@.*$ /security-violation.htm [NC]
# # Line 27: (Unknown expression)     RewriteRule .* @.* /security-violation.htm
RewriteRule ^.*@%20.*$ /security-violation.htm [NC]
# # Line 29: (Unknown expression)     RewriteRule .*@ .* /security-violation.htm
RewriteRule ^.*';*$ /security-violation.htm [NC]
RewriteRule ^.*EXEC\(@.*$ /security-violation.htm [NC]
RewriteRule ^.*sp_password.*$ /security-violation.htm [NC]
RewriteRule ^/security-violation.htm$ /security.asp [NC,L]

Thanks!
Back to Top View jasolution's Profile Search for other posts by jasolution
 
Anton
Moderator Group
Moderator Group


Joined: 30 January 2007
Location: Ukraine
Online Status: Offline
Posts: 3895
Posted: 28 July 2008 at 1:58am | IP Logged Quote Anton
Here are correct rules:

RewriteRule .*INSERT\s.* /security-violation.htm
RewriteRule .*INSERT\s%20.* /security-violation.htm
RewriteRule .*\sxp_.* /security-violation.htm

RewriteRule .*\s@.* /security-violation.htm

RewriteRule .*@\s.* /security-violation.htm


__________________
Regards,
Anton
Back to Top View Anton's Profile Search for other posts by Anton
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot delete your posts in this forum
You cannot edit your posts in this forum
You cannot create polls in this forum
You cannot vote in polls in this forum