GET/POST Security with .htaccess

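The rules below block some common exploit patterns in GET/POST values with .htaccess. Every condition tests %{QUERY_STRING}, so the rules see only what arrives in the URL; mod_rewrite does not inspect POST request bodies.
To use them, add the code to your /public_html/.htaccess file: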

# GET/POST Security with .htaccess
Options +FollowSymLinks
RewriteEngine On
#
# Block out any script trying to set a mosConfig value through the URL (Joomla)
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Reject all blocked requests with a '403 Forbidden' error (with [F] the index.php target is not served).
RewriteRule ^(.*)$ index.php [F,L]
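
Before deploying, it helps to check which query strings the conditions actually catch, including legitimate ones. The following is an added example, not part of the original article: it replays the five RewriteCond patterns with Python's `re` module, assuming Python's regex engine behaves like Apache's PCRE for these simple patterns. The helper name `blocked_by` and all sample query strings are constructed for illustration.

```python
import re

# Patterns from the RewriteCond lines above. The third field is True where the
# rule carries the [NC] (case-insensitive) flag. The script-tag pattern is
# written in full: an opening < or %3C, the word "script", a closing > or %3E.
CONDITIONS = [
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)", False),
    ("base64_encode", r"base64_encode.*\(.*\)", False),
    ("script tag", r"(\<|%3C).*script.*(\>|%3E)", True),
    ("GLOBALS", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    ("_REQUEST", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
]


def blocked_by(query_string):
    """Return the names of the conditions that match a raw query string.

    RewriteCond patterns are unanchored, so re.search is the equivalent test.
    An empty list means the request would pass through to the application.
    """
    hits = []
    for name, pattern, nocase in CONDITIONS:
        flags = re.IGNORECASE if nocase else 0
        if re.search(pattern, query_string, flags):
            hits.append(name)
    return hits


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "option=com_content&view=article&id=5",  # ordinary Joomla request
    "mosConfig_absolute_path=value",         # mosConfig override attempt
    "data=base64_encode(abc)",               # base64_encode call in the URL
    "q=%3CScript%3E",                        # encoded script tag, mixed case
    "GLOBALS[x]=1",                          # PHP GLOBALS overwrite attempt
    "_REQUEST[a]=1",                         # _REQUEST overwrite attempt
    "q=%3Cb%3Edescription%3C/b%3E",          # harmless markup, still blocked
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hits = blocked_by(qs)
        print(f"{'403' if hits else 'ok ':4} {qs}  {hits}")
```

The last sample is a false positive: the word "description" contains "script", so a search for bold-tagged text is rejected. Run your own site's legitimate query strings through the same check before enabling the rules.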
