Guest Posted February 19, 2009 Share Posted February 19, 2009 I'm back. When I installed the Anti XSS scripts, certain images are disappearing from the shop. For example, when selecting my account the "continue" and "sign up" buttons show broken images. SSL is not turned on right now (not a live shop) if that matters. I tried to google for solution, but didn't see one offhand. Here are the scripts: # anti xss script 1 - pci compliance - by pixclinic Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index_error.php [F,L] RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] # extra anti uri and xss attack script 2 - sql injection prevention Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC] RewriteRule ^(.*)$ log.php [NC] RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC] RewriteRule ^(.*)$ log.php [NC] RewriteCond %{QUERY_STRING} (java script:).*(;).* [NC] RewriteRule ^(.*)$ log.php [NC] RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC] RewriteRule ^(.*)$ log.php [NC] RewriteRule (,|;|<|>|'|`) /log.php [NC] Any help would be appreciated. Thank you in advance. Link to comment Share on other sites More sharing options...
Guest Posted February 19, 2009 Share Posted February 19, 2009 sorry the site is the site in question look under new items now, I backed it out and refreshed my account so it is no longer showing there. also there was no index_error.php, so I changed that to log.php (which is there) thanks and sorry for the bump Link to comment Share on other sites More sharing options...
Guest Posted February 19, 2009 Share Posted February 19, 2009 sorry the site is the site in question look under new items now, I backed it out and refreshed my account so it is no longer showing there. also there was no index_error.php, so I changed that to log.php (which is there) thanks and sorry for the bump anyone? Link to comment Share on other sites More sharing options...
Guest Posted February 20, 2009 Share Posted February 20, 2009 This is just FYI, then I'll let the thread die. This script also prevented me from logging into the store. I'll post if I find anything else out. Link to comment Share on other sites More sharing options...
germ Posted February 21, 2009 Share Posted February 21, 2009 The scripts can cause this hiccup: click me That probably has nothing to do with your problem, but I thought you should be made aware. ;) If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there > Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.