GET/POST Security with .htaccess

Below is a useful code to block out some common exploits for GET/POST values with .htaccess
Simply add the code to your /public_html/.htaccess file:

# GET/POST Security with .htaccess
Options +FollowSymLinks
RewriteEngine On
# Block out any script trying to set a mosConfig value through the URL (Joomla)
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a < script > tag in URL
RewriteCond %{QUERY_STRING} (\|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with ‘403 Forbidden’ error.
RewriteRule ^(.*)$ index.php [F,L]

  • Email, SSL
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Do you support mod_rewrite for apache?

Yes, mod_rewrite is enabled on your server. For more information on what mod_rewrite is and how...

How to execute php code as .htm or .html files

In your .htaccess file insert this line of code. addhandler application/x-httpd-php .htm .html

Disabling Magic Quotes GPC

How to turn off magic quotes gpc (required by Joomla 3 and some other scripts).1. Create a...

How can I prevent my site from being hacked?

Typically, most sites are hacked because of poor passwords, older and exploitable software, or...

Block Bad Bots and Spiders using .htaccess

Below is a useful code block for blocking a lot of the known bad bots and site rippers currently...