Example of a web.config that uses the URL Rewrite module to block potentially dangerous query strings. Works on IIS7 and classic ASP.
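<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!--
      Block potentially dangerous query strings.
      Requires the IIS7 URL Rewrite Module, available from: http://www.iis.net/download/urlrewrite

      This rule is a coarse request filter (defence in depth). It does not replace
      input validation and context-aware output encoding in the application itself.
      {QUERY_STRING} is matched as the client sent it, so percent-encoded values are
      not covered by the patterns below. If decoded matching is needed and the installed
      module version supports it, wrap the input with the module's UrlDecode function.
    -->
    <rewrite>
      <rules>
        <!--
          patternSyntax="Wildcard": a pattern has to match the whole input, so a
          substring test needs a leading and a trailing "*".
          stopProcessing="true": no later rule is evaluated once this one fires.
        -->
        <rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
          <!-- Apply to every requested URL; the conditions decide whether to block. -->
          <match url="*" />
          <!-- MatchAny: the request is blocked when at least one condition matches. -->
          <conditions logicalGrouping="MatchAny">
            <!-- Angle-bracket pair anywhere in the query string. The brackets are
                 written as entities because a literal "less than" sign is not
                 well-formed inside an XML attribute value. -->
            <add input="{QUERY_STRING}" pattern="*&lt;*&gt;*" />
            <!-- The word "javascript" anywhere in the query string. Without the
                 surrounding wildcards only a query string that is exactly
                 "javascript" would match. -->
            <add input="{QUERY_STRING}" pattern="*javascript*" />
          </conditions>
          <!-- Reject with 403 instead of passing the request on to the application. -->
          <action type="CustomResponse" statusCode="403" statusReason="A potentially dangerous Request.QueryString value was detected from the client." statusDescription="The URL contains potentially unsafe characters." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>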