.htaccess problem with Anti XSS


I'm back. When I installed the Anti XSS scripts, certain images are disappearing from the shop.

For example, when selecting my account the "continue" and "sign up" buttons show broken images.

SSL is not turned on right now (not a live shop), if that matters.

I tried to google for a solution, but didn't see one offhand.

Here are the scripts:

# anti xss script 1 - pci compliance - by pixclinic
Options +FollowSymLinks
RewriteEngine On 
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# extra anti uri and xss attack script 2 - sql injection prevention
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteCond %{QUERY_STRING} (java script:).*(;).* [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteRule (,|;|<|>|'|`) /log.php [NC]

Any help would be appreciated. Thank you in advance.


Sorry, the site is the site in question.

Look under new items now; I backed it out and refreshed my account so it is no longer showing there.

Also, there was no index_error.php, so I changed that to log.php (which is there).

Thanks, and sorry for the bump.

anyone?


This is just FYI, then I'll let the thread die.

This script also prevented me from logging into the store.

I'll post if I find anything else out.


The scripts can cause this hiccup: click me

That probably has nothing to do with your problem, but I thought you should be made aware.

;)


Archived

This topic is now archived and is closed to further replies.
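
An added example, not code from the thread: a small Python harness for checking which of the posted patterns match a given request before the rules go into .htaccess. It covers only the query-string and path patterns (the TRACE/TRACK method rule is left out), Python's `re` stands in for Apache's PCRE, and the function name `fired` and all sample URLs are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Patterns transcribed from the two scripts in the first post:
# (label, variable tested, pattern, True if the line carries [NC]).
RULES = [
    ("s1 base64_encode", "query", r"base64_encode.*\(.*\)", False),
    ("s1 script tag",    "query", r"(\<|%3C).*script.*(\>|%3E)", True),
    ("s1 iframe tag",    "query", r"(\<|%3C).*iframe.*(\>|%3E)", True),
    ("s1 GLOBALS",       "query", r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    ("s1 _REQUEST",      "query", r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
    ("s2 quote+bracket", "query", r'("|%22).*(>|%3E|<|%3C).*', True),
    ("s2 script tag",    "query", r"(<|%3C).*script.*(>|%3E)", True),
    ("s2 java script:",  "query", r"(java script:).*(;).*", True),
    ("s2 sql keywords",  "query",
     r"""(;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).*""",
     True),
    # The last RewriteRule has no RewriteCond: it tests the URL path itself.
    ("s2 path chars",    "path",  r"(,|;|<|>|'|`)", True),
]

def fired(url):
    """Return the labels of every pattern that matches this relative URL."""
    path, _, query = url.partition("?")
    # mod_rewrite sees the decoded path but the raw (still encoded) query string.
    subject = {"path": unquote(path).lstrip("/"), "query": query}
    return [label for label, var, pattern, nocase in RULES
            if re.search(pattern, subject[var], re.I if nocase else 0)]

# Constructed sample requests (not taken from the poster's shop).
SAMPLES = [
    "account.php",
    "includes/languages/english/images/buttons/button_continue.gif",
    "advanced_search_result.php?keywords=men's+sandals",
    "index.php?cPath=3_10&amp;sort=2a",
    "images/shoe,red.gif",
    "index.php?q=%3Cscript%3Ealert(1)%3C/script%3E",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r:70} -> {fired(url) or 'no rule matches'}")
```

The two ordinary-looking query strings trip the SQL keyword pattern because it accepts short substrings such as "or" and "and" anywhere after a `;` or quote, which is the kind of false positive to rule out before deploying the scripts.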
