Blog Protection against Script Injection PDF Cetak Email
Ditulis oleh Tutor TKJ CLUB   
Senin, 19 Maret 2012 09:10

This the solution that I found against Script Injection: First of all, backup file. htaccess. Then paste the code below in .htaccess:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

What is the code doing?

Check if the application contains and if someone try to change the variable values  GLOBALS and  _REQUEST variables.

If this happens, then the browser is closed and the 403 error is returned.

I hope this is usefull. Enjoy

 

Sumber : http://www.debian-tutorials.com