 Helicon Tech : ISAPI_Rewrite 2.x
Topic: sql injection entry url
stupcw
Newbie


Joined: 02 February 2005
Location: United Kingdom
Posts: 5
Posted: 22 September 2010 at 3:26am

Hi Guys

Have the following systemwide http.ini to deter SQL injections. I want to be able to report the actual entry URL that caused the redirect. How can I do that?

RewriteRule .*DECLARE.* /security-violation.htm
RewriteRule .*NVARCHAR.* /security-violation.htm
RewriteRule .*INSERT .* /security-violation.htm
RewriteRule .*INSERT %20.* /security-violation.htm
RewriteRule .* xp_.* /security-violation.htm
RewriteRule .*%20xp_.* /security-violation.htm
RewriteRule .*%[email protected]* /security-violation.htm
RewriteRule .* @.* /security-violation.htm
RewriteRule .*@%20.* /security-violation.htm
RewriteRule .*@ .* /security-violation.htm
RewriteRule .*';* /security-violation.htm
RewriteRule .*EXEC\(@.* /security-violation.htm
RewriteRule .*sp_password.* /security-violation.htm
RewriteRule /security-violation.htm /security.cfm [I,L]

cheers
 
Anton
Admin Group


Joined: 30 January 2007
Location: Ukraine
Posts: 10519
Posted: 22 September 2010 at 4:56am

You may consider using the U flag after your rules.
This will allow you to log the URL as it was originally requested and not as the URL was rewritten.

__________________
Regards,
Anton
 
stupcw
Newbie


Joined: 02 February 2005
Location: United Kingdom
Posts: 5
Posted: 22 September 2010 at 6:33am

Thanks Anton,

RewriteRule .*DECLARE.* /security-violation.htm [I,U]
RewriteRule .*NVARCHAR.* /security-violation.htm [I,U]
RewriteRule .*INSERT .* /security-violation.htm [I,U]
RewriteRule .*INSERT %20.* /security-violation.htm [I,U]
RewriteRule .* xp_.* /security-violation.htm [I,U]
RewriteRule .*%20xp_.* /security-violation.htm [I,U]
RewriteRule .*%[email protected]* /security-violation.htm [I,U]
RewriteRule .* @.* /security-violation.htm [I,U]
RewriteRule .*@%20.* /security-violation.htm [I,U]
RewriteRule .*@ .* /security-violation.htm [I,U]
RewriteRule .*';* /security-violation.htm [I,U]
RewriteRule .*EXEC\(@.* /security-violation.htm [I,U]
RewriteRule .*sp_password.* /security-violation.htm [I,U]
RewriteRule /security-violation.htm /security.cfm [I,L,U]

Will this write the original URL to the IIS log?

Is it possible to get this URL value as a variable passed to security.cfm at all?

 
Anton
Admin Group


Joined: 30 January 2007
Location: Ukraine
Posts: 10519
Posted: 23 September 2010 at 2:17am

Before any URL modification, ISAPI_Rewrite saves the original URL into the HTTP header named X-Rewrite-URL.
Then it can be retrieved in a script as the HTTP_X_REWRITE_URL server variable.



__________________
Regards,
Anton
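
An added example (not code from the thread or from Helicon Tech): a Python WSGI stand-in for the security.cfm page that reads the original URL from the HTTP_X_REWRITE_URL variable described above, records which of the posted patterns it matches, and encodes the attacker-controlled value before it reaches the log. Whole-URL matching, the log format, the 512-character cap, the 403 response and the sample request are assumptions; the rule the page shows garbled as "%[email protected]" is left out.

```python
import re
from urllib.parse import quote

# Patterns copied from the rules posted in the thread. The rule the page shows
# garbled as "%[email protected]" is left out rather than guessed.
RULES = [
    r".*DECLARE.*", r".*NVARCHAR.*", r".*INSERT .*", r".*INSERT %20.*",
    r".* xp_.*", r".*%20xp_.*", r".* @.*", r".*@%20.*", r".*@ .*",
    r".*';*", r".*EXEC\(@.*", r".*sp_password.*",
]
MAX_LEN = 512  # assumed cap so a single request cannot flood the log


def matched_rule(url):
    """Return the first pattern matching the whole URL (assumed semantics), or None."""
    for pattern in RULES:
        if re.fullmatch(pattern, url, flags=re.IGNORECASE):  # I flag
            return pattern
    return None


def safe_for_log(value):
    """Percent-encode control chars, non-ASCII, quotes and backslashes; truncate."""
    keep = lambda ch: 32 <= ord(ch) < 127 and ch not in '"\\'
    return "".join(ch if keep(ch) else quote(ch) for ch in value)[:MAX_LEN]


def violation_record(environ):
    """Build one log line from the original URL saved in X-Rewrite-URL."""
    original = environ.get("HTTP_X_REWRITE_URL", "")
    rule = matched_rule(original) or "unknown"
    client = environ.get("REMOTE_ADDR", "-")
    return f'client={client} rule="{rule}" original_url="{safe_for_log(original)}"'


def app(environ, start_response):
    """Stand-in for security.cfm: log the request, never echo the URL back."""
    print(violation_record(environ))
    start_response("403 Forbidden", [("Content-Type", "text/plain")])
    return [b"Request blocked.\n"]


if __name__ == "__main__":
    # Constructed sample request environment, not taken from the thread.
    sample = {"HTTP_X_REWRITE_URL": "/item.cfm?id=1;declare%20x",
              "REMOTE_ADDR": "203.0.113.7"}
    print(b"".join(app(sample, lambda status, headers: None)).decode())
```

The same encoding step applies if security.cfm displays the value in a page: the header content comes from the client and should be escaped for whatever context it is written into.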