WordPress-.htaccess-块注入攻击
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了WordPress-.htaccess-块注入攻击相关的知识,希望对你有一定的参考价值。
The problemProtecting dynamic websites is especially important. Most developers always protect their GET and POST requests, but sometimes this is not enough. We should also protect our blog against script injections and any attempt to modify the php GLOBALS and _REQUEST variables.
The solution
The following code blocks script injections and any attempts to modify the PHP GLOBALS and _REQUEST variables. Paste it in your .htaccess file (located in the root of your WordPress installation). Make sure to always back up the .htaccess file before modifying it.
Code explanation
Using the power of the .htaccess file, we can check requests. What we’ve done here is check whether the request contains a and whether it has tried to modify the value of the PHP GLOBALS or _REQUEST variables. If any of these conditions are met, the request is blocked and a 403 error is returned to the client’s browser.
Sources
* Protéger Son Site Avec Un Fichier .htaccess
* Protect Your WordPress Blog Using .htaccess
Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L]
以上是关于WordPress-.htaccess-块注入攻击的主要内容,如果未能解决你的问题,请参考以下文章
apache_conf Wordpress .htaccess
apache_conf wordpress htaccess
apache_conf Wordpress htaccess