John Hardin wrote:
>
> Everybody:
>
> I'm trying to protect my users against the attacks outlined in
> http://www.sidesport.com/hijack/
>
> I tried adding a deny url_regex ACL for "\%3Cscript\%20", but it looks
> like url_regex ignores the text after ? in a CGI URL.
>
> Is there any way to apply an ACL to the *arguments* of a CGI URL?
>
> What am I missing?
Does the thundering silence in response to this question mean that
there's no way to code an ACL that scans CGI arguments?
Thanks.
-- John Hardin <johnh@aproposretail.com> Internal Systems Administrator voice: (425) 672-1304 Apropos Retail Management Systems, Inc. fax: (425) 672-0192 ----------------------------------------------------------------------- Today: A2K++ session 2 day 3Received on Wed Jun 06 2001 - 13:55:57 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:31 MST