Re: ReDirect question

On Fri, Jun 26, 2015 at 1:36 PM, Kurtis Rader <krader@xxxxxxxxxxxxx> wrote:
My question for James would be how do you know the query string has the parameters in that exact order? Unless the query string has been hand-crafted you cannot assume the parameters will appear in any specific order. Also, your pattern doesn't handle the case where the parameters are separated by semicolons (which is a legal alternative to ampersand). In general matching against QUERY_STRING is very difficult to do in a robust manner.

P.S. Here is an example from my config of how to robustly check for the presence of a specific query string parameter. In this case I'm looking for a reference to the WordPress "Revolution Slider" plugin which has had numerous security flaws and I will never install on my site as a consequence.

# Malware loves to probe for revslider plugin vulnerabilities. Since we don't
# use it (and never will given its history of vulnerabilities) blacklist
# references to it. This is related to the blacklisted-path rules above.
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/revslider/ [NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&|;)action="" [NC,OR]
RewriteCond %{QUERY_STRING} (?:^|&|;)action="" [NC]
RewriteRule ^ /blocked.php [END,E=error-notes:probe-for-revslider-plugin]


--
Kurtis Rader
Caretaker of the exceptional canines Junior and Hank
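The following is an added illustration, not part of Kurtis's message or his httpd config, of the two points above: a pattern that assumes a fixed parameter order fails as soon as the parameters are reordered, while anchoring the name at the start of QUERY_STRING or right after an '&' or ';' separator matches regardless of order and also avoids false hits on a longer name that merely ends in "action". It also shows one caveat the regex approach cannot cover: mod_rewrite sees QUERY_STRING before any percent-decoding, so "%61ction=" slips past the pattern while a real parser (like the one the application will run) still sees "action". All query strings below are constructed for the demonstration; "probe" is a placeholder value, not any real plugin action name.

```python
import re
from urllib.parse import unquote_plus

# The shape of the pattern used in the RewriteCond above: the parameter name must
# begin the query string or directly follow an '&' or ';' separator.
# Case-insensitive, matching the [NC] flag.
PARAM_ANCHORED = re.compile(r'(?:^|&|;)action=', re.IGNORECASE)

# The naive approach the reply warns against: a fixed order of parameters and
# only '&' as a separator. (Hypothetical example pattern.)
PARAM_ORDERED = re.compile(r'^action=[^&]*&img=', re.IGNORECASE)


def anchored_match(query_string):
    """True if an 'action' parameter is present, whatever its position."""
    return bool(PARAM_ANCHORED.search(query_string))


def ordered_match(query_string):
    """True only if 'action' comes first and is followed by '&img='."""
    return bool(PARAM_ORDERED.search(query_string))


def parse_query_string(query_string):
    """Split a raw query string the way an application would see it:
    '&' and ';' both separate pairs, names and values are percent-decoded,
    names are compared case-insensitively, repeated names are kept."""
    params = {}
    for pair in re.split(r'[&;]', query_string):
        if not pair:
            continue
        name, _, value = pair.partition('=')
        name = unquote_plus(name).lower()
        params.setdefault(name, []).append(unquote_plus(value))
    return params


def has_param(query_string, name):
    """Presence check that survives reordering, ';' separators,
    case changes and percent-encoded parameter names."""
    return name.lower() in parse_query_string(query_string)


if __name__ == '__main__':
    # Constructed probes: same two parameters in different orders/encodings.
    for qs in ('action=probe&img=x',      # order the naive pattern expects
               'img=x&action=probe',      # reordered
               'img=x;action=probe',      # ';' separator
               'IMG=x&ACTION=probe',      # case variation
               'transaction=probe',       # different parameter, ends in "action"
               '%61ction=probe'):         # percent-encoded name
        print(f'{qs:24} ordered={ordered_match(qs)!s:5} '
              f'anchored={anchored_match(qs)!s:5} parsed={has_param(qs, "action")}')
```

Run it and compare the three columns: the ordered pattern only fires on the first line, the anchored pattern fires on everything except "transaction=" and the percent-encoded name, and the parser fires on every line that really carries an "action" parameter. If the encoded form matters for a given deployment, the RewriteCond needs an additional alternative for it, or the check belongs in the application where decoding has already happened.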
