Hello. There is a page like name.html. How can I forbid modifying the URL via "?" through .htaccess and set up a 301 redirect from such vulnerable URLs to the name.html page and the like? Right now, for any request to a link such as http://name.name/name.html ? After the_this_ignation/ you can get a server response of 200 (the page exists).

  • Why is a URL with a question mark vulnerable, then? Okay, the redirect is another matter, it is for SEO, but the vulnerability can only be in the code that handles the request: do the redirect right there, or just clear the list of parameters at the entry point, if you want to. - Goncharov Alexander
  • It is important that these pages do not exist and should not return a 200 response. My question was about how to make such pages inaccessible. As for vulnerabilities: thanks to a modifier such as "?", one can try to make a blind selection. I am more interested in solving the first question. - AI-
  • "make a blind selection": what is a blind selection, what will the attackers be selecting? As for the main question: do the redirect in the code, that would be better; if you really want htaccess, here is the answer to the question: stackoverflow.com/questions/3457022/… - Goncharov Alexander
  • Blind SQL injection was meant. It seems I found it, thank you. An example of this is: RewriteRule ^(.*) http://name.name/$1? [R=301,L] But I have some pages that do exist with "?". How can I allow a specific list of pages along with this rule? - AI-
  • SQL injections should be handled not by destroying parameters but by processing the parameters in the controller code. There will be injections only if your .html link is actually not html at all but is processed by the server (php, asp, java) by something full of holes. That is, injections are looked for differently; otherwise you will not get away from the holes. 99% of injections go away when using a query builder, for example framework.zend.com/manual/1.10/ru/zend.db.select.html (for PHP) - Goncharov Alexander
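
One way to handle the open question in the comments (strip the query string with a 301 while exempting a list of pages), as an added example that is not from the original thread. It assumes the .htaccess file sits in the document root; the page names search.html and catalog.html are hypothetical.

```apache
# Added example. Assumes mod_rewrite is enabled and this file is in the
# document root. search.html and catalog.html are hypothetical names for
# the pages that legitimately take parameters.
RewriteEngine On

# Act only when the client's original request line contained a "?".
# THE_REQUEST is the raw line ("GET /name.html?x=1 HTTP/1.1"), so this also
# catches a bare trailing "?" with an empty query string, and it cannot loop:
# the redirected request has no "?" and fails this condition.
RewriteCond %{THE_REQUEST} \?

# Allowlist: leave these pages and their parameters untouched.
RewriteCond %{REQUEST_URI} !^/(search\.html|catalog\.html)$

# Everything else: 301 to the same path. The trailing "?" in the
# substitution discards the original query string.
RewriteRule ^(.*)$ /$1? [R=301,L]
```

This only normalises URLs. As the last comment says, the handlers behind the exempted pages still need their parameters processed in code, for example with a query builder.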
