Don't like ads? PRO users don't see any ads ;-)
Public Pastes
Guest

Untitled

By: a guest on Jan 11th, 2011  |  syntax: None  |  size: 1.37 KB  |  hits: 634  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. # FILTER REQUEST METHODS
  2.  
  3. RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
  4.  
  5. RewriteRule ^(.*)$ - [F,L]
  6.  
  7.  
  8.  
  9. # QUERY STRING EXPLOITS
  10.  
  11. RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
  12.  
  13. RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
  14.  
  15. RewriteCond %{QUERY_STRING} tag\= [NC,OR]
  16.  
  17. RewriteCond %{QUERY_STRING} ftp\:  [NC,OR]
  18.  
  19. RewriteCond %{QUERY_STRING} http\:  [NC,OR]
  20.  
  21. RewriteCond %{QUERY_STRING} https\:  [NC,OR]
  22.  
  23. RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  24.  
  25. RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
  26.  
  27. RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
  28.  
  29. RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
  30.  
  31. RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
  32.  
  33. RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
  34.  
  35. RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
  36.  
  37. RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
  38.  
  39. RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|"|;|\?|\*|=$).* [NC,OR]
  40.  
  41. RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
  42.  
  43. RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
  44.  
  45. RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
  46.  
  47. RewriteRule ^(.*)$ - [F,L]
create a new version of this paste RAW Paste Data