.HTACCESS PCFG_OPENFILE: UNABLE TO CHECK HTACCESS FILE, ENSURE IT IS READABLE

If you're running across this error in your error logs, there may be a simple solution for you.

This 403 error is usually caused by having AllowOverride set to All.

You can fix this either by chmod’ing all your files to 644 (not very elegant) or by pasting the following into your Apache conf file, replacing your “AllowOverride all” rule:

AllowOverride none
Order deny,allow
Allow from none

Just a quick tip, but hope this can save you some time!

Added SQL Injection attack protection with Rewrite Rules

Sure, you can protect against SQL injection attacks at the code layer, but what happens when hackers find something you missed? With rewrite rules, using mod_rewrite on Apache or ISAPI_Rewrite for IIS, you can add rules to ignore URL-based SQL injection altogether. Below is an example of some basic protection you can add.

In ISAPI_Rewrite

RewriteRule .*DECLARE.* /security-violation.htm [I]
RewriteRule .*NVARCHAR.* /security-violation.htm [I]
RewriteRule .*INSERT .* /security-violation.htm [I]
RewriteRule .*INSERT %20.* /security-violation.htm [I]
RewriteRule .* xp_.* /security-violation.htm [I]
RewriteRule .*%20xp_.* /security-violation.htm [I]
RewriteRule .*%20@.* /security-violation.htm [I]
RewriteRule .* @.* /security-violation.htm [I]
RewriteRule .*@%20.* /security-violation.htm [I]
RewriteRule .*@ .* /security-violation.htm [I]
RewriteRule .*';* /security-violation.htm [I]
RewriteRule .*EXEC\(@.* /security-violation.htm [I]
RewriteRule .*sp_password.* /security-violation.htm [I]
RewriteRule /security-violation.htm /security.cfm [I,L]

In mod_rewrite

RewriteEngine On
# Patterns that contain a literal space are quoted so Apache parses them as one argument.
RewriteRule .*DECLARE.* /security-violation.htm [NC]
RewriteRule .*NVARCHAR.* /security-violation.htm [NC]
RewriteRule ".*INSERT .*" /security-violation.htm [NC]
RewriteRule ".*INSERT %20.*" /security-violation.htm [NC]
RewriteRule ".* xp_.*" /security-violation.htm [NC]
RewriteRule .*%20xp_.* /security-violation.htm [NC]
RewriteRule .*%20@.* /security-violation.htm [NC]
RewriteRule ".* @.*" /security-violation.htm [NC]
RewriteRule .*@%20.* /security-violation.htm [NC]
RewriteRule ".*@ .*" /security-violation.htm [NC]
RewriteRule .*';* /security-violation.htm [NC]
RewriteRule .*EXEC\(@.* /security-violation.htm [NC]
RewriteRule .*sp_password.* /security-violation.htm [NC]
RewriteRule /security-violation.htm /security.cfm [NC,L]
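
In mod_rewrite, a RewriteRule pattern is matched against the URL path only; the query string is never part of it, so request parameters have to be tested with RewriteCond %{QUERY_STRING}. The following is an added example, not part of the original post, that applies the same keywords to the query string. It assumes server or virtual-host context, and it leaves out the `@` and `'` patterns on the assumption that they would also match ordinary values such as e-mail addresses.

```apache
# Added example (not from the original post).
# Assumes mod_rewrite is loaded and /security.cfm exists in the webroot.
RewriteEngine On

# Do not inspect the landing page itself, otherwise the rule would loop.
RewriteCond %{REQUEST_URI} !^/security\.cfm$ [NC]

# %{QUERY_STRING} is the raw, still URL-encoded query string, so an
# encoded space is matched as %20 or + and an encoded "(" as %28.
# The [OR] chain below is ANDed with the REQUEST_URI condition above.
RewriteCond %{QUERY_STRING} DECLARE [NC,OR]
RewriteCond %{QUERY_STRING} NVARCHAR [NC,OR]
RewriteCond %{QUERY_STRING} INSERT(%20|\+) [NC,OR]
RewriteCond %{QUERY_STRING} (%20|\+)xp_ [NC,OR]
RewriteCond %{QUERY_STRING} EXEC(\(|%28)@ [NC,OR]
RewriteCond %{QUERY_STRING} sp_password [NC]

# No query string is given in the substitution, so the original one is
# passed through unchanged and security.cfm can still log it.
RewriteRule ^ /security.cfm [L]
```

Keyword matching of this kind also rejects legitimate requests that happen to contain these words, so review the access log after enabling it.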

Add security.cfm to your webroot:

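<!--- Landing page for requests caught by the rewrite rules above. --->
<!--- Request data is attacker-controlled: HTML-encode it before echoing it back. --->
<cfoutput>

<h1>
HACK ATTEMPT LOGGED FROM IP: #HTMLEditFormat(cgi.remote_addr)#
</h1>

#DateFormat(Now(), "MM-DD-YYYY")# @ #TimeFormat(Now(), "HH:MM:SS")#

#HTMLEditFormat(cgi.script_name)#?#HTMLEditFormat(cgi.query_string)#

</cfoutput>

<!--- Replace the to/from placeholders with real e-mail addresses. --->
<cfmail to="Sysadmin" from="Your Website" subject="HACK ATTEMPT FROM IP: #cgi.remote_addr#">

HACK ATTEMPT RECORDED:

#DateFormat(Now(), "MM-DD-YYYY")# @ #TimeFormat(Now(), "HH:MM:SS")#

IP: #cgi.remote_addr#

ATTEMPT:

http://#cgi.server_name##cgi.script_name#?#cgi.query_string#
</cfmail>
<!--- Stop processing so nothing else is rendered for this request. --->
<cfabort>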
