Everybody:
I'm trying to protect my users against the attacks outlined in
http://www.sidesport.com/hijack/
I tried adding a deny url_regex ACL for "\%3Cscript\%20", but it looks
like url_regex ignores the text after ? in a CGI URL.
Is there any way to apply an ACL to the *arguments* of a CGI URL?
What am I missing?
-- John Hardin <johnh@aproposretail.com> Internal Systems Administrator voice: (425) 672-1304 Apropos Retail Management Systems, Inc. fax: (425) 672-0192 ----------------------------------------------------------------------- 2 days until A2K++ session 2 beginsReceived on Sat Jun 02 2001 - 13:02:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:27 MST