

Ronald van den Heetkamp's Webapplication Firewall. - chaostheory
http://www.0x000000.com/?i=558

======
jrockway

      RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
      RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
      RewriteCond %{HTTP_USER_AGENT} ^.*(libwww|curl|wget|python|nikto|scan).* [NC,OR]
    

Yeah, that ought to stop all those crazy h4ck3r5... for about 3 seconds until
they change their user agent to firefox. It's always a bad idea to trust user-
provided data. How does this help your security?

~~~
michaelneale
I use ruby so I guess I am ok ;) Oh noes - he may pick up on it !

------
nertzy
I'm wary of any one-size-fits-all solutions.

However, someone with intimate knowledge of how their web application works
ought to consider doing some of these things on a case-by-case basis.

I would avoid anything dealing the with User-Agent at all, because you never
know if two years from now the most popular web browser will be called Mozilla
WebHarvest or something weird like that.

------
Erwin
See also <http://www.modsecurity.org/> (which now seems to have a very
professional web site but still seems open source).

