Hello everyone, I'm Zuo Yi.
I have a little research on Web servers!
This rule controls user capabilities and uploads data to websites.
<Span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left ">### Section-Site Upload Rules # This rule is needed to allow upload to the sites SecFilterSelective HTTP_Content-Type" multipart/form-data "" allow "</span> ## # upload at mingke site # rules, this rule must be uploaded to the website secfilterselectivehttp_content type "multipart/form-data", "allow" </span>
These rules filter out attempts to inject unauthorized SQL statements into request parameters.
<Span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left ">### Section-SQL Injection # Classic injection protection SecFilter" # Very crude filters to prevent SQL injection attacks # SecFilter "delete [[: space:] + from "# SecFilter" insert [[: space:] + into "# SecFilter" update [[: space:] + set "# SecFilter" select. + from "# ms SQL specific SQL injection attacks SecFilter character SecFilter xp_character shell SecFilter character xp_regwrite SecFilter character </span> # name section SQL injection # classic injection Protection Program" "secfilter" "# rough filter, to prevent SQL injection attacks # secfilter "Delete [: space:] +" # secfilter "insert [: space:] +" # secfilter "Update [: space:] + set "# secfilter. + "# explain specific SQL injection attacks in mssql </span>
These rules filter out request parameters that attempt to input scripts without authorization.
<Span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left ">### Section-Cross Site Scripting # XSS attacks SecFilter" <[: space:] * script "# Weaker XSS protection (allows common HTML tags) SecFilter" <[: space:] * script "</span >### section -- Cross-Site Scripting # xss attack secfilter" <[: Space:] * script "# relatively weak xss protection (allowscommonHTML tag) secfilter "<[: Space:] * script" </span>
These filters out attempts to illegally traverse the host system.
<Span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left ">### Section-Path Traversal SecFilter ".. /"SecFilterSelective" THE_REQUEST "" % 25% "</span >## secret path secfilter ".. /"secfilterselective" the_request "" 25% "</span>
These filters out attempts to establish a connection through a non-standard user proxy.
<Span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left ">### Section-Request Validation # Here we just want to be sure that the post is from a browser. </span> ### section-request verification # Here, we only want to ensure that the post is from a browser. </span> <span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left "> SecFil TerSelective REQUEST_METHOD "! ^ GET $ "chain SecFilterSelective HTTP_Content-Type "! (^ $ | ^ Application/x-www-form-urlencoded $ | ^ multipart/form-data) "SecFilterSelective REQUEST_METHOD" ^ POST $ "chain # SecFilterSelective HTTP_Content-Length" ^ $ "SecFilterSelective Co., HTTP_Transfer-Encoding "! ^ $ "</Span> secfilterselectiverequest_method "! ^ Get $ "chain secfilterselectivehttp_content "! (^ $ | ^ Application/x-www-form-urlencoded $ | ^ multipart/form-data) "secfilterselectiverequest_method" ^ "# secfilterselectivehttp_content length" ^ $ "secfilterselectivehttp_transfer encoding "! ^ $ "</Span>
These filters out information that tries to test the host system.
<Span onmouseover = "_ tipon (this)" onmouseout = "_ tipoff ()"> <span class = "google-src-text" style = "direction: ltr; text-align: left ">### Section-Probes # Force user agent and http host SecFilterSelective" HTTP_USER_AGENT | HTTP_HOST "" ^ $ "# Common probing requests SecFilterSelective" REQUEST_URI | REQUEST_METHOD "" TRACE" secFilterSelective "REQUEST_URI | REQUEST_METHOD" "TRACK" SecFilterSelective "REQUEST_U RI | REQUEST_METHOD "" OPTION "# SecFilterSelective" REQUEST_URI | REQUEST_METHOD "" HEAD "# Probing of users SecFilterSelective" REQUEST_URI | REQUEST_METHOD ""~ "# Default CGI probind SecFilterSelective" THE_REQUEST ""/cgi-bin/printenv | cgi-bin/test-cgi "</span> ### probes ## Force user agent and http host authorization "http_user_agent | http_host" "^ $" # discuss secfilterselective "request_uri | request_method" "tracking" login "request_uri | request_method" "track" login "request_uri | request_method" "option" # secfilterselective "request_uri | request_method" "Header" # test the user secfilterselective "r Equest_uri | request_method ""~ "# Default CGIprobindsecfilterselective" the_request ""/cgi-bin/printenv | cgi-bin/test-cgi "</span>
If you do not write well, You can criticize me! Can send me mail: ttvv110@qq.com my QQ404523035