|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
|
|
|
||||||
| alt.apache.configuration Apache web server configuration issues. |
 |
|
|
LinkBack | Outils de la discussion |
04/02/2008, 18h57
|
#1 |
Messages: n/a
Hébergeur: |
SQL Injection
Hi folks,
my website seems to be the preferred target for Sql Injection. http://mywebsite/index.php/Cariche-s...Fgosa%2Fyiw%2F Is there a way to configure apache to redirect elsewhere this kind of traffic? I mean redirecting the url while the visitor type an url like this one (or above one): http://mywebsite.tld/path/HTTP://SOMETHING-LIKETHIS thus checking the double http:// and redirect this traffic to another site. Thank you F |
|
|
05/02/2008, 11h11
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: SQL Injection
FDM+ wrote:
> Hi folks, Hi, > my website seems to be the preferred target for Sql Injection. > http://mywebsite/index.php/Cariche-s...Fgosa%2Fyiw%2F > > Is there a way to configure apache to redirect elsewhere this kind of > traffic? I mean redirecting the url while the visitor type an url like this > one (or above one): > > http://mywebsite.tld/path/HTTP://SOMETHING-LIKETHIS > > thus checking the double http:// and redirect this traffic to another site. > Yes, you can use a module for url rewriting (mod_rewrite): http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html But that is fixing your problem in the wrong way. But I must urge you to fix your application. If SQL injection is possible, fix the scripts. SQL injection vunerability means your receiving scripts are written by an amateur, since it is easily countered. If you are using a third party package (joomla?), get the latest version. Maybe they fixed it. Regards, Erwin Moller > Thank you > F > |
|
|
|
05/02/2008, 22h58
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: SQL Injection
In spite all the fixes I don't want to have XSS attack.
Any example for url_rewriting applied at this case? Thank you Fab |
|
|
|
| Outils de la discussion | |
|
|
