如何使用XSS(cross site scripting)
atacks阻止带有.htaccess
文件的PHP
项目?
You can't configure your server to magically stop XSS attacks. This is something you must do at the application layer, by escaping output properly.
Try this:
# Add Security Headers
<IfModule mod_headers.c>
# Protect against XSS attacks
Header set X-XSS-Protection "1; mode=block"
</IfModule>
1
: Enable XSS Protection
mode=block
: Rather than sanitizing the page, the browser will prevent rendering of the page if an attack is detected.
You can find more security related snippets here
Hope this helps
Try this one, it's working for me :
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule .* index.php [F,L]
</IfModule>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.