Apache Rewrite to deal with code injections in URIs
Ok, so because of a potential hole in the Mambo CMS with the PHP rule "RegisterGlobals On" I get people trying to inject code into my website. However I don't actually use the Register Globals On, because I am less of a fool than you might think and I wanted to highlight this problem in my log and block the requests.
I would use Apache Mod Rewrite but it has a challenge here that needed to be resolved, it can't parse the parameter of a URL after the "?" with a simple:
RewriteRule mosConfig http://www.orbit.me.uk/ [F]
This should find the word mosConfig in a URL and then redirect to a "forbidden" message. But because Rewrite parses the URL only up to "?" the offending code injection isn't spotted:
http://www.orbit.me.uk//includes/Cache/Lite.php?mosConfig_absolute_path=http://[snip]
My solution:
RewriteEngine on
RewriteCond %{THE_REQUEST} mosConfig
RewriteRule ^/* http://www.orbit.me.uk/ [F]
"%{THE_REQUEST}" is able to give the complete request string from the browser and then parse it! Perfect and now the offending URLs will be trapped and forbidden. I could have trapped a more specific condition to just trap mosConfig_absolute_path but I wanted to trap all possible mosConfig injections.
I invite comment.
Edit, I notice from some more informed searching that there is a better solution for this!