Created
January 24, 2011 18:35
Example of a web.config that uses the URL Rewrite module to block potentially dangerous query strings. Works on IIS7 and classic ASP.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <!--
      Block potentially dangerous querystrings.
      Requires the IIS7 URL Rewrite Module, available from: http://www.iis.net/download/urlrewrite
    -->
    <rewrite>
      <rules>
        <rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <!-- MatchAny: the request is blocked if either condition matches. -->
          <conditions logicalGrouping="MatchAny">
            <!-- Angle brackets are written as entities inside the XML attribute value. -->
            <add input="{QUERY_STRING}" pattern="*&lt;*&gt;*" />
            <!-- A wildcard pattern has to match the whole input, so the literal is wrapped in "*". -->
            <add input="{QUERY_STRING}" pattern="*javascript*" />
          </conditions>
          <action type="CustomResponse" statusCode="403" statusReason="A potentially dangerous Request.QueryString value was detected from the client." statusDescription="The URL contains potentially unsafe characters." />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
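To see what the rule does and does not cover, the following added example (not part of the original gist) evaluates its two conditions over constructed query strings, once against the raw value as `{QUERY_STRING}` delivers it and once against the URL-decoded value. It assumes a simplified model of the wildcard syntax (`*` matches any run of characters, the whole input must match, case is ignored) and writes the second pattern as `*javascript*`; the function names and sample strings are made up for illustration.

```python
import re
from urllib.parse import unquote_plus

# The two conditions of RequestBlockingRule1 (logicalGrouping="MatchAny").
PATTERNS = ["*<*>*", "*javascript*"]


def wildcard_to_regex(pattern):
    """Assumed model of the wildcard syntax: '*' is the only metacharacter,
    everything else is literal, and matching ignores case."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE | re.DOTALL)


RULES = [wildcard_to_regex(p) for p in PATTERNS]


def blocked(query_string, decode=False):
    """Return True if the rule would answer 403 for this query string.

    decode=False models matching on the raw, still percent-encoded value.
    decode=True models matching on the URL-decoded value instead.
    """
    value = unquote_plus(query_string) if decode else query_string
    return any(rule.fullmatch(value) for rule in RULES)


# Constructed sample query strings (not taken from any real traffic).
SAMPLES = [
    "id_curso=82",                # ordinary parameter
    "q=<b>bold</b>",              # literal angle brackets
    "q=%3Cb%3Ebold%3C%2Fb%3E",    # the same value, percent-encoded
    "q=learn+javascript+basics",  # harmless search that contains the keyword
]


def report():
    """Return (query, blocked_raw, blocked_decoded) for every sample."""
    return [(qs, blocked(qs), blocked(qs, decode=True)) for qs in SAMPLES]


if __name__ == "__main__":
    for qs, raw, decoded in report():
        print(f"{qs!r:30} raw={raw!s:5} decoded={decoded}")
```

The percent-encoded sample passes the raw check and the harmless search is rejected, so the rule is a coarse filter rather than a substitute for output encoding in the pages themselves. URL Rewrite 2.0 offers a `UrlDecode` string function, so a condition input of `{UrlDecode:{QUERY_STRING}}` is one way to match on the decoded value.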
Hi friends, researching various topics here and elsewhere about friendly URLs,
I didn't find what I need and couldn't adapt either.
And so:
I have a site that contains an original URL like this: jornadadepodologia.com.br/cursos-detalhes.asp?id_curso=82&curso_nome=ONLINE-PROCEDIMENTOS-PODOLOGICOS-EM-UNHAS-MICOTICAS
I was able to put together a URL like this: jornadadepodologia.com.br/new/ONLINE-PROCEDIMENTOS-PODOLOGICOS-EM-UNHAS-MICOTICAS-idpllq82
where "-idpllq82" is the course parameter identifier.
Here's how I can extract the ID that is 82 through SPLIT in ASP.
I would like a URL to be created like this: jornadadepodologia.com.br/ONLINE-PROCEDIMENTOS-PODOLOGICOS-EM-UNHAS-MICOTICAS
but you need to pass the "course_id" parameters to the courses-details.asp page without appearing in the url, leaving a url as above.
Can someone help me?
I thank you for your help.