Looking for some collective thoughts here on how to shield sites
fronted with Cherokee from Anonymous' RefRef tool.
The anatomy of the tool, oversimplified, is that it posts to a URL on a
website and sends along in the POST some JavaScript which pumps this
data to MySQL:
select benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f);
What that does is run the benchmark to convert the string 99999999999 times.
One solution I've found elsewhere, which is Apache-specific, is this:
.htaccess
RewriteEngine on
RewriteCond %{QUERY_STRING} .*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC]
RewriteRule .* - [R=406,L]
Anyone know of or recommend how to convert this to Cherokee rules?
_______________________________________________
Cherokee mailing list
Cherokee@lists.octality.com
http://lists.octality.com/listinfo/cherokee
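
The following Python is an added example, not part of the original post and not Cherokee configuration. It applies the RewriteCond pattern quoted above to constructed requests to show what a QUERY_STRING-only check covers; the function names, paths, parameter names and the inspect_body option are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from the RewriteCond in the post; [NC] becomes IGNORECASE.
RULE = re.compile(
    r".*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark)",
    re.IGNORECASE,
)

def rule_blocks(url, body="", inspect_body=False):
    """True if the pattern matches and the request would get a 406.

    By default only the text after '?' is tested, as %{QUERY_STRING} does.
    inspect_body=True is a hypothetical extension that also tests the body.
    """
    if RULE.search(urlsplit(url).query):
        return True
    return inspect_body and RULE.search(body) is not None

# Constructed sample requests (not captured traffic). The SQL is the
# statement quoted in the post; paths and parameter names are made up.
SQL = "select benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f);"
SAMPLES = [
    ("GET", "/item.php?id=" + SQL, ""),         # statement in the query string
    ("POST", "/item.php", "id=" + SQL),         # same statement in a POST body
    ("GET", "/reports?name=dataset-2011", ""),  # benign: "dataset" contains "set"
    ("GET", "/news?page=2", ""),                # benign
]

def evaluate(inspect_body=False):
    """Return (method, path, blocked) for every sample request."""
    return [
        (method, urlsplit(url).path, rule_blocks(url, body, inspect_body))
        for method, url, body in SAMPLES
    ]

if __name__ == "__main__":
    for label, flag in (("query string only", False), ("query string + body", True)):
        print(label)
        for method, path, blocked in evaluate(flag):
            print(f"  {method:4} {path:10} -> {'406' if blocked else 'pass'}")
```

The POST sample is not matched by default because the pattern is only ever tested against the query string, and the "dataset" request is rejected because of the substring "set".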