Re: hmmm

This WebDNA talk-list message is from

2006


It keeps the original formatting.
numero = 67339
interpreted = N
texte = Jesse- How does one implement the below listed rules? Will On May 30, 2006, at 4:42 PMCDT, Jesse Proudman wrote: > Here's what I'm using: > > RewriteEngine On > RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC] > RewriteRule ^.*$ - [F] > > > On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote: > >> Yikes. Any chance you can post the rewriterule for us? >> >> Thanks, >> Bill >> >> >> -----Original Message----- >> From: Jesse Proudman >> Sent: Tue, 30 May 2006 12:18:11 -0700 >> To: "WebDNA Talk" >> Subject: Re: hmmm >> >> [This was reported to SM a week or two ago] >> >> On a security note... >> >> http://www.smithmicro.com/?text=&!=&math >> I solved this on my servers using Mod Rewrite, but every one may want >> to do something to block it on their boxes. Make sure you don't >> store sensitive information (Authorize.net username / passwords, etc) >> in text vars until you've got it patched. >> >> >> On May 30, 2006, at 11:38 AM, WJ Starck wrote: >> >>> Indeed. >>> >>> What else can ya say, in a day and age where security and >>> extensibility are at the forefront of many an admin's mind? >>> >>> R.I.P. beloved WebDNA... >> >> -- >> >> Jesse Proudman >> Blue Box Group, LLC >> >> p. +1.800.613.4305 x801 >> e. jesse@blueboxgrp.com >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > digest@talk.smithmicro.com> >> Web Archive of this list is at: http://webdna.smithmicro.com/ >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > digest@talk.smithmicro.com> >> Web Archive of this list is at: http://webdna.smithmicro.com/ > > -- > > Jesse Proudman > Blue Box Group, LLC > > p. +1.800.613.4305 x801 > e. jesse@blueboxgrp.com > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Hmmm ... and thanks! (Kenneth Grome 2008)
  2. Re: [WebDNA] Hmmm ... (Donovan Brooke 2008)
  3. Re: [WebDNA] Hmmm ... ("Jim Lanford." 2008)
  4. Re: [WebDNA] Hmmm ... (Christer Olsson 2008)
  5. Re: [WebDNA] Hmmm ... ("Dan Strong" 2008)
  6. Re: [WebDNA] Hmmm ... (Bob Minor 2008)
  7. RE: [WebDNA] Hmmm ... ("Olin Lagon" 2008)
  8. Re: [WebDNA] Hmmm ... (Govinda 2008)
  9. Re: [WebDNA] Hmmm ... (Gary Krockover 2008)
  10. RE: [WebDNA] Hmmm ... ("Michael A. DeLorenzo" 2008)
  11. Re: [WebDNA] Hmmm ... (Patrick McCormick 2008)
  12. Re: [WebDNA] Hmmm ... ("Brian Boegershausen" 2008)
  13. Re: [WebDNA] Hmmm ... (Govinda 2008)
  14. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  15. RE: [WebDNA] Hmmm ... ("Vincent Medina" 2008)
  16. Re: [WebDNA] Hmmm ... (Govinda 2008)
  17. Re: [WebDNA] Hmmm ... (Dylan Wood 2008)
  18. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  19. RE: [WebDNA] Hmmm ... ("Michael A. DeLorenzo" 2008)
  20. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  21. Re: [WebDNA] Hmmm ... (Bob Minor 2008)
  22. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  23. Re: [WebDNA] Hmmm ... (Stuart Tremain 2008)
  24. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  25. Re: [WebDNA] Hmmm ... (Terry Wilson 2008)
  26. [WebDNA] Hmmm ... (Kenneth Grome 2008)
  27. Re: hmmm ( Gary Krockover 2006)
  28. Re: hmmm ( "WebDna @ Inkblot Media" 2006)
  29. Re: hmmm ( "Howard Wolosky" 2006)
  30. Re: hmmm ( Donovan Brooke 2006)
  31. Re: hmmm ( Donovan Brooke 2006)
  32. Re: hmmm ( Donovan Brooke 2006)
  33. Re: hmmm ( "WebDna @ Inkblot Media" 2006)
  34. Re: hmmm ( John Peacock 2006)
  35. Re: hmmm ( Clint Davis 2006)
  36. Re: hmmm ( Jesse Proudman 2006)
  37. Re: hmmm ( Donovan Brooke 2006)
  38. Re: hmmm ( devaulw@onebox.com 2006)
  39. Re: hmmm ( "Dan Strong" 2006)
  40. Re: hmmm ( Clint Davis 2006)
  41. Re: hmmm ( "Dan Strong" 2006)
  42. Re: hmmm ( "Dan Strong" 2006)
  43. Re: hmmm ( Terry Wilson 2006)
  44. Re: hmmm ( Stuart Tremain 2006)
  45. Re: hmmm ( "Dan Strong" 2006)
  46. Re: hmmm ( "Dan Strong" 2006)
  47. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  48. Re: hmmm ( "Bess Ho" 2006)
  49. Re: hmmm ( "Bess Ho" 2006)
  50. Re: hmmm ( Jesse Proudman 2006)
  51. Re: hmmm ( "Bess Ho" 2006)
  52. Re: hmmm ( Kenneth Grome 2006)
  53. Re: hmmm ( Jesse Proudman 2006)
  54. Re: hmmm ( devaulw@onebox.com 2006)
  55. Re: hmmm ( John Peacock 2006)
  56. Re: hmmm ( Jesse Proudman 2006)
  57. Re: hmmm ( John Peacock 2006)
  58. Re: hmmm ( John Peacock 2006)
  59. Re: hmmm ( Jesse Proudman 2006)
  60. Re: hmmm ( Kenneth Grome 2006)
  61. Re: hmmm ( John Peacock 2006)
  62. Re: hmmm ( John Peacock 2006)
  63. Re: hmmm ( Jim Ziegler 2006)
  64. Re: hmmm ( Jesse Proudman 2006)
  65. Re: hmmm ( WJ Starck 2006)
  66. Re: hmmm ( Clint Davis 2006)
  67. Re: hmmm ( WJ Starck 2006)
  68. Re: hmmm ( WJ Starck 2006)
  69. Re: hmmm ( Clint Davis 2006)
  70. Re: hmmm ( Clint Davis 2006)
  71. Re: hmmm ( "Bess Ho" 2006)
  72. Re: hmmm ( Stuart Tremain 2006)
  73. Re: hmmm ( WJ Starck 2006)
  74. Re: hmmm ( Stuart Tremain 2006)
  75. Re: hmmm ( WJ Starck 2006)
  76. Re: hmmm ( Jesse Proudman 2006)
  77. Re: hmmm ( Stuart Tremain 2006)
  78. Re: hmmm ( Eric king 2006)
  79. Re: hmmm ( Jesse Proudman 2006)
  80. Re: hmmm ( devaulw@onebox.com 2006)
  81. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  82. Re: hmmm ( Jesse Proudman 2006)
  83. Re: hmmm ( "Bess Ho" 2006)
  84. Re: hmmm ( WJ Starck 2006)
  85. Re: hmmm ( "Bess Ho" 2006)
  86. Re: hmmm ( Chris 2006)
  87. Re: hmmm ( Adam O'Connor 2006)
  88. Re: hmmm ( Donovan Brooke 2006)
  89. Re: hmmm ( devaulw@onebox.com 2006)
  90. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  91. hmmm ( Donovan Brooke 2006)
  92. Things that make you go Hmmmm (Brian B. Burton 2001)
Jesse- How does one implement the below listed rules? Will On May 30, 2006, at 4:42 PMCDT, Jesse Proudman wrote: > Here's what I'm using: > > RewriteEngine On > RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR] > RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC] > RewriteRule ^.*$ - [F] > > > On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote: > >> Yikes. Any chance you can post the rewriterule for us? >> >> Thanks, >> Bill >> >> >> -----Original Message----- >> From: Jesse Proudman >> Sent: Tue, 30 May 2006 12:18:11 -0700 >> To: "WebDNA Talk" >> Subject: Re: hmmm >> >> [This was reported to SM a week or two ago] >> >> On a security note... >> >> http://www.smithmicro.com/?text=&!=&math >> I solved this on my servers using Mod Rewrite, but every one may want >> to do something to block it on their boxes. Make sure you don't >> store sensitive information (Authorize.net username / passwords, etc) >> in text vars until you've got it patched. >> >> >> On May 30, 2006, at 11:38 AM, WJ Starck wrote: >> >>> Indeed. >>> >>> What else can ya say, in a day and age where security and >>> extensibility are at the forefront of many an admin's mind? >>> >>> R.I.P. beloved WebDNA... >> >> -- >> >> Jesse Proudman >> Blue Box Group, LLC >> >> p. +1.800.613.4305 x801 >> e. jesse@blueboxgrp.com >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > digest@talk.smithmicro.com> >> Web Archive of this list is at: http://webdna.smithmicro.com/ >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > digest@talk.smithmicro.com> >> Web Archive of this list is at: http://webdna.smithmicro.com/ > > -- > > Jesse Proudman > Blue Box Group, LLC > > p. +1.800.613.4305 x801 > e. jesse@blueboxgrp.com > > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ WJ Starck

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

PCS Frames (1997) WebCat2final1 crashes (1997) Quick ShowIf question (1997) Webcat DB's over appletalk (2003) Emailer (WebCat2) (1997) lookup problem (2000) Multiple security dbs (1997) flushdatabases (1997) Setting vars in a text file..... (2004) NetSplat and WebCat2 (1997) Dubble Sku's in a Database (1999) WebCatalog [FoundItems] Problem - AGAIN - (1997) Where is f2? (1997) [Announce] WebCatalog 3.0 Beta Program (1998) TCPSend/Replace DB Records (2002) math on date? (1997) 2.0 Beta (1997) Nested tags count question (1997) frames & carts (1997) Re:2nd WebCatalog2 Feature Request (1996)