Helicon Tech : ISAPI_Rewrite 2.x support forum
Subject Topic: Preventing Sql Injection
ElitistPhoenix
Newbie
Joined: 21 August 2008
Posts: 3
Posted: 21 August 2008 at 8:36pm

Hi All,

I'm trying to write a rule that will redirect anything after the original http in the url string to another website... say cybercrime.gov

Any help would be greatly appreciated.
 
ElitistPhoenix
Newbie
Joined: 21 August 2008
Posts: 3
Posted: 21 August 2008 at 8:36pm

Probably should have mentioned it was for v2.
 
jwpaine
Newbie
Joined: 22 August 2008
Posts: 1
Posted: 22 August 2008 at 11:28am

I've written a (very likely) poorly written filter that has been effective at catching the latest crop of ";DECLARE" hacks.

RewriteRule .*;DECLARE        /common/hackersretreat.asp


This catches any querystrings with that SQL statement in them and sends them to an asp script that logs their IP number and closes their session. I also have a function in my global.asa that checks ip addresses against that log, and redirects all matches to "denied.htm".

Any comments on my filter (I know it could be better written) would be appreciated.
 
Lexey
Moderator Group
Joined: 15 August 2002
Location: Russian Federation
Posts: 7598
Posted: 27 August 2008 at 1:55pm

This rule will work in 3.x but not in 2.x.
2.x requires something like that:

RewriteRule .*;DECLARE.* /common/hackersretreat.asp [I,L]
 
ElitistPhoenix
Newbie
Joined: 21 August 2008
Posts: 3
Posted: 27 August 2008 at 4:56pm

Sorry guys, probably should have been more specific. I've already got a rule like that. I want one that will catch any "http" or "www" after the original. That will work in v2.

e.g.

http://www.mysite.com/index.aspx?http://www.badsite.com/badjs.js
 
Lexey
Moderator Group
Joined: 15 August 2002
Location: Russian Federation
Posts: 7598
Posted: 28 August 2008 at 4:40am

Try this:

RewriteRule [^?]+\?.*(?:http://|www\.).* /trap.asp [I,L]
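An added example, not part of any post in this thread: a Python approximation of how the three quoted patterns behave, assuming the 2.x/3.x difference Lexey describes is whole-URL matching versus partial matching. Python's `re` stands in for the ISAPI_Rewrite regex engine, and every sample URL except the one quoted in the thread is constructed.

```python
import re

# The three rules quoted in the thread: (pattern, case-insensitive [I] flag).
RULES = {
    "jwpaine":      (r".*;DECLARE", False),                    # posted without flags
    "lexey_sql":    (r".*;DECLARE.*", True),                   # [I,L]
    "lexey_remote": (r"[^?]+\?.*(?:http://|www\.).*", True),   # [I,L]
}

def matches(rule, url, whole_url=True):
    """Return True if the rule would fire for this URL.

    whole_url=True models the assumed 2.x behaviour (the pattern must cover
    the entire URL); whole_url=False models an unanchored, partial match.
    """
    pattern, ignore_case = RULES[rule]
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return bool(rx.fullmatch(url) if whole_url else rx.search(url))

# Constructed sample requests (path plus query string).
SAMPLES = {
    "sql_upper": "/item.asp?id=5;DECLARE @x INT",
    "sql_lower": "/item.asp?id=5;declare @x int",
    "remote":    "/index.aspx?http://www.badsite.com/badjs.js",  # from the thread
    "benign":    "/index.aspx?page=2",
    "referral":  "/index.aspx?ref=www.partner.example",          # legitimate link
}

def report():
    """One row per (rule, sample): whole-URL result and partial-match result."""
    return [
        (rule, name, matches(rule, url, True), matches(rule, url, False))
        for rule in RULES
        for name, url in SAMPLES.items()
    ]

if __name__ == "__main__":
    for rule, name, whole, partial in report():
        print(f"{rule:13} {name:10} whole-URL={whole!s:5} partial={partial}")
```

The `referral` row shows the cost of the last rule: a legitimate query string that contains `www.` is sent to the trap page as well, which matters if the trap also logs and blocks the client IP.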
 
