RewriteCond 使用 .htaccess 重定向
RewriteCond using .htaccess to redirect
如何在 url 下方重定向并与 RewriteCond
匹配
http://example.com/team/home/index.cgi/"><script>alert(7229)</script>
http://example.com/team/home/index.cgi/?"onmouseover="alert(173)"
我需要可以匹配上述 url 的 RewriteCond 并重定向到为其他 RewriteCond 设置的 rewriterule
Updated query for .htaccess file, please check below code is written for xxs,sql injection prevention, but not solving problem completley
------------------------------------------------------
Header set X-XSS-Protection "1; mode=block"
RewriteBase /
RewriteEngine On
#RewriteCond %{HTTP_USER_AGENT} !^.*Chrome.* [NC]
#RewriteCond %{HTTP_USER_AGENT} !^.*Firefox.* [NC]
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
#RewriteRule ^/script/i$ [NE,L]
#RewriteRule ^([^\"]+\.cgi)/.* [R=301,L]
RewriteRule ^(.*)$ /cgi-bin/team/home/index.cgi? [R]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#END OF XSS FIX
除了 QUERY_STRING 之外,您还可以检查 REQUEST_URI:
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} onmouseover [NC]
RewriteRule ^ - [F]
如何在 url 下方重定向并与 RewriteCond
匹配 http://example.com/team/home/index.cgi/"><script>alert(7229)</script>
http://example.com/team/home/index.cgi/?"onmouseover="alert(173)"
我需要可以匹配上述 url 的 RewriteCond 并重定向到为其他 RewriteCond 设置的 rewriterule
Updated query for .htaccess file, please check below code is written for xxs,sql injection prevention, but not solving problem completley
------------------------------------------------------
Header set X-XSS-Protection "1; mode=block"
RewriteBase /
RewriteEngine On
#RewriteCond %{HTTP_USER_AGENT} !^.*Chrome.* [NC]
#RewriteCond %{HTTP_USER_AGENT} !^.*Firefox.* [NC]
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
#RewriteRule ^/script/i$ [NE,L]
#RewriteRule ^([^\"]+\.cgi)/.* [R=301,L]
RewriteRule ^(.*)$ /cgi-bin/team/home/index.cgi? [R]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#END OF XSS FIX
除了 QUERY_STRING 之外,您还可以检查 REQUEST_URI:
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{REQUEST_URI} onmouseover [NC]
RewriteRule ^ - [F]