Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 2 of 2
  1. #1
    Junior Member
    Join Date
    Aug 2007
    Location
    California
    Posts
    4
    Member #
    15681
    This is for a WordPress installation. I keep getting SQL injection attempts, using a query string of "; DECLARE..." and a bunch of stuff. They haven't been successful, but I'm still tired of it.

    So I decided I was going to use a .htaccess file to block any requests containing ";declare". But the mod I've been using hasn't worked.

    The problem is with my permalinks setup. WordPress automatically creates the .htaccess file, and since I'm not too familiar with mod_rewrite, I'm not too sure how it works. But I do know that when I comment out the permalink lines, the mod for declare works fine.

    Here's what WordPress put in:

    Code:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    And here's what I'm trying to put in:
    Code:
    RewriteCond %{QUERY_STRING} ^(.*);declare(.*)$ [NC]
    RewriteRule ^.* - [F,L]
    I've tried putting in that second bit just about everywhere. I've tried dropping the "L" for last rule when it wasn't the last rule.

    And I still can't get both to work at the same time. Any ideas?

  2.  

  3. #2
    Senior Member
    Join Date
    Apr 2005
    Location
    Hatfield, England
    Posts
    855
    Member #
    9790
    Quote Originally Posted by hb1547
    Code:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    Hi there.

    The way I understand the htaccess is as follows

    If the request is for a file that exists on the web server, do not redirect.
    RewriteCond %{REQUEST_FILENAME} !-f

    If the request is for a directory that exists on the webserver, do not redirect
    RewriteCond %{REQUEST_FILENAME} !-d

    Redirect to index.php
    RewriteRule . /index.php [L]

    Now, assuming you put your code above the WP code I don't have a clue why it wouldn't work. Sorry.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 09:17 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com