Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Apache Rewrite Rule for OWASP XSS conventions |
|
| Author |
|
vinothgiri
Joined: 13 Aug 2014
Posts: 1
Location: Chennai
|
 Posted: Wed 13 Aug '14 13:52 Post subject: Apache Rewrite Rule for OWASP XSS conventions |
 |
|
I'm new to Apache.
I need to implement prevent XSS attacks by using apache rewrite following rewrite rules for all urls of the domain. can anyone help me out ?
Converting < and > to < and >
Converting ( and ) to ( and )
Converting # and & to # and &
& --> &
< --> <
> --> >
" --> "
' --> ' |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 13 Aug '14 17:36 Post subject: |
|
|
| For Apache itself it is not needed to do stuff like that. If you use a scripting language like PHP you can use a lib. For example https://github.com/JBlond/PHP-XSS-Filter |
|
| Back to top |
|
PipoDeClown
Joined: 20 Dec 2005
Posts: 77
|
| Posted: Wed 13 Aug '14 20:25 Post subject: |
|
|
| Its better to urge the supplier of the webapp to fix their code than to put plaster everywhere. Though to get their cooperation can be a challenge. Or try mod_security |
|
| Back to top |
|
|
|
|
|
|
