I just want to limit the amount of parameters that nginx/apache allows to pass. For example: if someone tries to access a link like test.php?arg1=value&arg2=value&arg3=value
give them a 404 error or 403 it doesn't matter. If the URL contains more than two arguments/parameters it should be blocked by the webserver. Is there a way to achieve this task ? I've tried something for Apache htaccess but with no success. I'm talking about limiting the amount of parameters for the entire website not just one page/file.
RewriteCond %{QUERY_STRING} (([a-z]+){3,})=(.*) [NC]
RewriteRule (.*) /404.php? [R=404,L]
Can this thing be done for Apache and Nginx ?
A simplistic approach would be to limit the number of &
characters in the $args
string.
If there are only two parameters, there is usually only one &
to join them, so the sequence &.*&
should not exist.
For example:
if ($args ~ "&.*&") { return 403; }
See this caution on the use of if
.
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加