Wandering in Fields of Idiots


Apache Rewrite to Deal With Code Injections in URIs


OK, so because of a potential hole in the Mambo CMS when PHP runs with the setting "register_globals On", I get people trying to inject code into my website. I don't actually run with register_globals on, because I am less of a fool than you might think, but I wanted to highlight this problem in my log and block the requests.

I would use Apache mod_rewrite, but there was a challenge to resolve first: a RewriteRule pattern can't see the parameters of a URL after the "?", so a simple rule like this doesn't do the job:

RewriteRule mosConfig http://www.orbit.me.uk/ [F] 

This should find the word mosConfig in a URL and answer with a "forbidden" (403) response. But because RewriteRule matches the URL only up to the "?", the offending code injection isn't spotted:
http://www.orbit.me.uk//includes/Cache/Lite.php?mosConfig_absolute_path=http://[snip]

My solution:

RewriteEngine on
RewriteCond %{THE_REQUEST} mosConfig
RewriteRule ^/* http://www.orbit.me.uk/ [F]

"%{THE_REQUEST}" holds the complete request line sent by the browser, query string included, so the condition can match against all of it. Perfect: the offending URLs are now trapped and forbidden. I could have used a more specific condition that traps only mosConfig_absolute_path, but I wanted to trap all possible mosConfig injections.
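
The rule that misses and the condition that catches, side by side, as an added example that is not part of the original post. It assumes the lines sit in the server or virtual host configuration; the variable name mosconfig_probe and the log path are made up for illustration.

```apache
# Added example. Assumes mod_rewrite is loaded and that these lines are in
# the server or <VirtualHost> config (CustomLog is not allowed in .htaccess).
RewriteEngine On

# Before: a RewriteRule pattern is tested against the URL path only, so
# "mosConfig" in the query string is never seen and this never fires for
#   /includes/Cache/Lite.php?mosConfig_absolute_path=...
#RewriteRule mosConfig - [F]

# After: test the whole request line, as the post does. [NC] makes the
# match case-insensitive. Use %{QUERY_STRING} instead of %{THE_REQUEST}
# if only the part after "?" should be inspected.
RewriteCond %{THE_REQUEST} mosConfig [NC]

# "-" means no substitution; with [F] a target URL would be ignored anyway.
# E= sets a marker variable (hypothetical name) used by the log line below.
RewriteRule ^ - [F,E=mosconfig_probe:1]

# Copy the blocked requests into their own log so they stand out.
# The path is a placeholder, and the "combined" format nickname is assumed
# to be defined by a LogFormat line elsewhere in the configuration.
CustomLog "logs/mosconfig_probe.log" combined env=mosconfig_probe
```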

I invite comment. 

Edit: I notice from some more informed searching that there is a better solution for this!

http://forum.mamboserver.com/showthread.php?t=83011