Helicon Tech : ISAPI_Rewrite 2.x (Forum Locked)
Topic: Rewrite rule for "<script"
nonprofit
Newbie


Joined: 07 January 2011
Posts: 2
Posted: 07 January 2011 at 4:18pm

Hello...

I'm having an issue getting two of my rules to work properly. I basically want to catch malicious "keywords" in
the URL and forward them to a 404 error. Here are my current rules:


RewriteRule (.*;DECLARE.*|.*cast.*\(|.*exec.*\(|.*sqlexec.*|.*sp_password.*|.*convert.*\(|.*xp_.*) $0 [I,F]
RewriteRule (.*delete.*from*|.*truncate.*|.*Drop.*Table.*|.*insert.*into.*|.*truncate.*) $0 [I,F]
RewriteRule (.*sysobjects*|.*syscolumns.*|.*sysusers.*) $0 [I,F]
RewriteRule (.*<script.*|.*/script.*|.*2Fscript.*|.*3Cscript.*|.*iframe.*) $0 [I,F]

The issues I'm having are with the ".*<script.*" and ".*truncate.*" rules.

On the "truncate" rule, it doesn't seem to work at all. If I do "trunccate" (or any other misspelling), then it
works just fine. Is truncate a reserved word?

For "<script", I've tried ".*\<script.*", but that seems to 404 anything with the word "script", not
specifically "<script". It will 404 for "<SCRIPT" or anything with just "script" (but not "<script"). If
possible, I'd like to allow just the plain word "script" (but I guess I'd be OK if I had to disallow this word
altogether). Going down that road, I noticed that if I use ".*script.*", it will catch most cases with
the word "script" in it, but it still won't catch "<script" (which is very important to catch in this case!).

Any thoughts/help would be greatly appreciated!!
Kevin
nonprofit
Newbie


Joined: 07 January 2011
Posts: 2
Posted: 07 January 2011 at 4:25pm

Ok, interesting...

I went to a different site (I'm using this same rule for a
few sites running on this install of IIS). Both problematic
rules seem to be working on the other sites...

Go figure! I'm not sure what the issue was, but that makes
me think the rules are working ok. If I'm still having
issues in a bit, I'll repost...

thanks!
Kevin
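
A small regression harness for the two rules discussed in the posts above, added here as an example and not part of the original thread or of ISAPI_Rewrite. Python's `re` with `IGNORECASE` stands in for the rewrite engine and its [I] flag, which is an assumption (the server's regex engine may behave differently); the rule labels and request URLs are constructed.

```python
import re

# Pattern parts of the 2nd and 4th RewriteRule lines, copied verbatim from the post.
# The dictionary keys are labels made up for this example.
RULES = {
    "sql-dml": r"(.*delete.*from*|.*truncate.*|.*Drop.*Table.*|.*insert.*into.*|.*truncate.*)",
    "script": r"(.*<script.*|.*/script.*|.*2Fscript.*|.*3Cscript.*|.*iframe.*)",
}

def branches(pattern):
    """Split a flat '(a|b|c)' group into its alternatives (these rules have no nesting)."""
    return pattern[1:-1].split("|")

def matching_branches(url):
    """Return (rule label, alternative) for every alternative that matches the URL."""
    return [(label, alt)
            for label, pattern in RULES.items()
            for alt in branches(pattern)
            # Assumption: re.IGNORECASE approximates the [I] flag.
            if re.search(alt, url, re.IGNORECASE)]

def is_blocked(url):
    return bool(matching_branches(url))

# Constructed request URLs with the outcome the poster wants (True = 404).
CASES = [
    ("/search.asp?q=<script>x</script>", True),
    ("/search.asp?q=%3Cscript%3Ex%3C%2Fscript%3E", True),
    ("/search.asp?q=<SCRIPT>", True),
    ("/report.asp?action=truncate", True),
    ("/help/description.asp", False),          # contains "script" inside a word
    ("/articles/javascript-tips.asp", False),  # plain word, should be allowed
    ("/scripts/site.js", False),               # ordinary static asset path
]

def mismatches():
    """Cases where the rules disagree with the wanted outcome, with the alternatives that fired."""
    out = []
    for url, wanted in CASES:
        hits = matching_branches(url)
        if bool(hits) != wanted:
            out.append((url, wanted, [alt for _, alt in hits]))
    return out

if __name__ == "__main__":
    for url, wanted in CASES:
        print(f"{url!r}: wanted_block={wanted} fired={matching_branches(url)}")
    print("mismatches:", mismatches())
```

Under these assumptions the only mismatch is `/scripts/site.js`, which the `.*/script.*` alternative blocks, and the `truncate` URL is reported twice because that alternative appears twice in the rule.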