On Jul 15, 2008, at 7:52 AM, Tom Brown wrote:
I have apache sat in front of some IIS servers to do some logging, they just pass the request over to IIS. I have an issue where there are sql injection attacks coming through and i wonder at the URL level can i filter these out and thrown them away at the apache level. I am checking through but it seems that 'VARCHAR' is being used in the attack but not in any valid URL - Is there any rewrite or similar to be able to mitigate this?
Check out modSecurity http://www.modsecurity.org/ S. -- Sander Temme [EMAIL PROTECTED] PGP FP: 51B4 8727 466A 0BC3 69F4 B7B8 B2BE BC40 1529 24AF
smime.p7s
Description: S/MIME cryptographic signature
