Protection against XSS exploits

Categories: Security, .htaccess

Used at Lunarpages to prevent XSS attack and exploitation via .htaccess:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.(.) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).script.(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).iframe.(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
RewriteRule ^(.)$ index_error.php [F,L] 
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) 
RewriteRule . - [F]
«
»