Prevent XSS attacks with .htaccess
Question
如何使用XSS(cross site scripting) atacks阻止带有.htaccess文件的PHP项目?
3 answers
solution1
2 2014-03-06 20:24:30
You can't configure your server to magically stop XSS attacks. This is something you must do at the application layer, by escaping output properly.
solution2
0 2018-04-04 18:43:01
Try this:
# Add Security Headers
<IfModule mod_headers.c>
# Protect against XSS attacks
Header set X-XSS-Protection "1; mode=block"
</IfModule>
1: Enable XSS Protectionmode=block: Rather than sanitizing the page, the browser will prevent rendering of the page if an attack is detected.
You can find more security related snippets here
Hope this helps
solution3
0 2018-04-24 13:45:23
Try this one, it's working for me :
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
CakePHP : Prevent XSS attacks
Need to prevent XSS attacks?
Prevent XSS attacks
Prevent SQL injection and XSS attacks
New Way To Prevent XSS Attacks
Prevent from XSS attacks when echoing variables
Use PHP to prevent XSS attacks within an image
PHP: How to totally prevent XSS attacks?
Does https secure cookies prevent XSS attacks?
How to output HTML but prevent XSS attacks
Related Tags