You are going to want to do more than filter on DECLARE. The ones below are common to the SQL injections we've seen. We also are looking at the entire URL rather than just the query string, but it's up to you. You can even add one in for "CAST(" if you want. It conflicts with some things we are doing so we left it out.
RewriteRule ^.*DECLARE%20.*$ http://www.cybercrime.gov/ [NC]
RewriteRule ^.*NVARCHAR.*$ http://www.cybercrime.gov/ [NC]
RewriteRule ^.*sp_password.*$ http://www.cybercrime.gov/ [NC]
RewriteRule ^.*%20xp_.*$ http://www.cybercrime.gov/ [NC]
RewriteRule ^.*EXEC\(@.*$ http://www.cybercrime.gov/ [NC]
RewriteRule [EMAIL PROTECTED] http://www.cybercrime.gov/ [NC]

Here's the rewrite I'm using. Am no mod_rewrite expert, but it appears to be working:

RewriteCond %{QUERY_STRING} .*DECLARE.*
RewriteRule ^(.*)$ violation.htm [nc,L]

Mike Chytracek
Managing Partner
Ignite Solutions

Archive: http://www.houseoffusion.com/groups/CF-Linux/message.cfm/messageid:4434
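An added example, not part of the original posts: a Python script that runs the patterns from the rules above over Apache access-log lines, to show which requests they flag and what the optional "CAST(" pattern does to benign traffic. The log lines, addresses and paths are constructed, the redacted rule is left out, and matching on the percent-decoded request is this example's assumption rather than what the RewriteRule lines do.

```python
import re
from urllib.parse import unquote_plus

# Patterns taken from the rules in this thread. "%20" is written as \s here
# because this example matches on the decoded request (an assumption).
RULES = {
    "DECLARE": r"DECLARE\s",
    "NVARCHAR": r"NVARCHAR",
    "sp_password": r"sp_password",
    "xp_": r"\sxp_",
    "EXEC(@": r"EXEC\(@",
}
# The optional pattern mentioned in the reply, kept separate.
OPTIONAL = {"CAST(": r"CAST\("}

# Request field of an Apache common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def matched_rules(target, include_optional=False):
    """Return the names of the rules that match a request target (path + query)."""
    rules = {**RULES, **OPTIONAL} if include_optional else RULES
    decoded = unquote_plus(target)  # %20 and + both become a space
    return [name for name, pat in rules.items()
            if re.search(pat, decoded, re.IGNORECASE)]  # same as [NC]

def scan(lines, include_optional=False):
    """Yield (client_ip, target, rule_names) for log lines that hit a rule."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        hits = matched_rules(m.group("target"), include_optional)
        if hits:
            yield line.split(" ", 1)[0], m.group("target"), hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /index.cfm?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2000:10:00:01 +0000] "GET /page.cfm?id=5;DECLARE%20@S%20NVARCHAR(4000);EXEC(@S); HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2000:10:00:02 +0000] "GET /search.cfm?q=cast(iron)+pans HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG, include_optional=True):
        print(ip, hits, target)
```

With include_optional=True the third sample line, an ordinary search, is flagged by "CAST(" alone, which is the kind of conflict the reply gives as the reason for leaving that pattern out.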