Forum
How to use "DenyBody" option
Samiux
15 November 2009, 22:24
Hiawatha version: 6.17.1
Operating System: Ubuntu 9.10
After searching for the site, there is no instruction about how to use "DenyBody" option in the latest version of Hiawatha 6.18.
By the way, any idea for the upgrade from 6.17.1 to 6.18?
Samiux
Hugo Leisink
15 November 2009, 22:30
How the DenyBody options is used, is described in the manual page (just updated the online manual pages).
Use it inside for a (virtual) host section:
If the request body matches the regular expression, the request is denied and a 403 will be send to the client. What regular expression you should use, depends on the vulnerablility of your website. The following example will block requests which inject javascript on a forum or guestbook:
Use it inside for a (virtual) host section:
VirtualHost {
...
DenyBody = <regular expression>
}
If the request body matches the regular expression, the request is denied and a 403 will be send to the client. What regular expression you should use, depends on the vulnerablility of your website. The following example will block requests which inject javascript on a forum or guestbook:
DenyBody = ^.*%3Cscript.*%3C%2Fscript%3E.*$
Samiux
16 November 2009, 12:28
Hugo,
Thanks for your tutorial.
Can I use multiple of "DenyBody"? Such as :
DenyBody = <regular expression #1>
DenyBody = <regular expression #2>
..... and so on
Samiux
Thanks for your tutorial.
Can I use multiple of "DenyBody"? Such as :
DenyBody = <regular expression #1>
DenyBody = <regular expression #2>
..... and so on
Samiux
Hugo Leisink
16 November 2009, 23:41
Yes you can.
Samiux
17 November 2009, 01:19
My Hiawatha upgraded to 6.18 successfully. Thanks for your hard work! 
Hugo Leisink
17 November 2009, 05:21
You're wecome. 
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
