This forum has been moved here:
Helicon Tech Community Forum

ISAPI_Rewrite 3.0 (Forum Locked Forum Locked)
 Helicon Tech : ISAPI_Rewrite 3.0
Subject Topic: Cross Site Scripting
Author
Message |
qcdeveloper
Newbie


Joined: 18 July 2008
Location: United States
Posts: 5
Posted: 15 September 2011 at 10:55am

I am trying to stop cross-site scripting on our site with the Helicon Rewrite tool. When I add
"|SCRIPT" to the RewriteCond I get the error below. WIthout it, I don't. However I don't see "script" anywhere in the error so I am not sure why its getting hung up on that.

# Helicon ISAPI_Rewrite configuration file
# Version 3.1.0.86
# Registration info

RewriteEngine on
RewriteLogLevel 9
LogLevel debug

RewriteBase /
RewriteCond %{QUERY_STRING} (?:DECLARE|VARCHAR|EXECUTE|SCRIPT) [NC]
RewriteRule !403\.html$ - [F]


This is the error we get:
Forbidden
You don't have permission to access http://d.ourdomain.com/confirm.asp?It=UtcSrpvpQpitwZwZ9iIP5k&Ite=%3Cb%3EE+2007%2F2010%3A+the+Bics+++++++++++++++++++++++++++++++++++++++++%3C%2Fb%3E+on+01%2F12%2F2012+at+EIM%2C+CA%2E+%3Cbr%3EEv+N%3A+120329 on this server.


Edited by qcdeveloper - 15 September 2011 at 10:56am
Back to Top
 
Anton
Admin Group


Joined: 30 January 2007
Location: Ukraine
Posts: 10519
Posted: 16 September 2011 at 4:58am

Could you please tell what URL you are requesting for testing and provide rewrite.log records for this request (don't forget to enable
logging in httpd.conf).

__________________
Regards,
Anton
Back to Top
 

Sorry, you can NOT post a reply.
This forum has been locked by a forum administrator.

Printable version Printable version