On Sat, Nov 22, 2008 at 9:24 AM, <[EMAIL PROTECTED]> wrote: > Hello and Greetings, > > I have just been reviewing a script that says its a PHP firewall. It > is using an array with 250 elements that are all basically subsets of > code and injections that hackers use to break into sites. I could > easily take this array and create a preg_match test but was wondering > at what point pattern matching gets unmanageable or impractical. This > script looks a lot like .htaccess using mod rewrite to block badguys. > > I would appreciates some feedback on this, what is the rest of the > world using to block or intercept bad guy injection attacks? >
modsecurity http://www.modsecurity.org/ Their site is oddly short on explanation. It's an open source Apache module that does what your pho script is trying to do, and probably a lot more. Aka WAF, web application firewall. _______________________________________________ New York PHP User Group Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk http://www.nyphp.org/show_participation.php
