Here are some handy Apache rewrite rules for blocking cross site scripting (XSS) attacks:
|
1 2 3 4 5 6 |
RewriteCond %{REQUEST_URI} base64_encode.*\(.*\) [OR] RewriteCond %{REQUEST_URI} (\<|<).*script.*(\>|>) [NC,OR] RewriteCond %{REQUEST_URI} (\<|<).*iframe.*(\>|>) [NC,OR] RewriteCond %{REQUEST_URI} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{REQUEST_URI} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ 404.php [F,L] |
And here are similar rules for Nginx:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
set $block_xss 0; if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_xss 1; } if ($request_uri ~ "base64_(en|de)code\(.*\)") { set $block_xss 1; } if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_xss 1; } if ($request_uri ~ "(<|%3C).*script.*(>|%3E)") { set $block_xss 1; } if ($query_string ~ "(<|%3C).*iframe.*(>|%3E)") { set $block_xss 1; } if ($request_uri ~ "(<|%3C).*iframe.*(>|%3E)") { set $block_xss 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_xss 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_xss 1; } if ($block_xss = 1) { return 403; } |
We gathered these rules from several sources around the net so they are not original but it’s handy to have them all in one place with both the Apache and Nginx versions.