Sunday, April 27, 2008

Using .htaccess as a Web App Firewall (WAF)

Wow! This just in from the "Totally Cool and Amazing Department", ...

Rewrite your .htaccess file to work as a WAF

From the post:

Alright, so I rewrote my .htaccess today. Made it smaller and far better than it previously was. It basically is a miniature web application firewall that can help secure your server and applications too. Don't be fooled by its size; it may fit into 1KB, but it still protects you from nearly every web application attack there is. Even if you have holes, they can't be exploited anymore, and thus prevents future bugs and attacks. A solution doesn't have to be difficult, often the simple ones are the most elegant ones. Well, if you don't believe me, go try it out! Simple!

The entire post is here