[mod-security-users] Command injection attack
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Command injection attack
|
From: David R. <cas...@gm...> - 2005-08-12 12:04:21
|
Hi, I would like to write a rule to filter this kind of attack (Command injection attack): GET /stats.pl?toto=3Daa+bb+cc+|+any_unix_command+#+dd+ee&titi=3Dtata In GET or POST In fact I would like to block all the ";", "|", "#" I wrote : SecFilterSelective ARGS [;|\||#] It works but is it the best way ? David ROBERT |
