[Resolved]HTAccess rewrite errors in LSAPI logs

Discussion in 'General' started by jp0p!, Sep 20, 2010.

  1. jp0p!

    jp0p! New Member

    Hi,
    I have the following rewrite rule in the htaccess file for each account on my LiteSpeed server but I am getting errors reported in the logs. I believe this rewrite is ok in Apache.

    Code:
    RewriteCond %{QUERY_STRING} ^.* (globals|encode|request|union|select|insert|cast|set|declare|drop|update|md5|benchmark|loopback).* [NC,OR]
    The errors I receive are:
    [[HTAccess]] rewrite: '[' is expected while parsing: RewriteCond %{QUERY_STRING} ^.* (globals|encode|request|union|select|insert|cast|set|declare|drop|update|md5|benchmark|loopback).* [NC,OR]
    [[HTAccess]] rewrite: invalid rewrite condition while parsing: RewriteCond %{QUERY_STRING} ^.* (globals|encode|request|union|select|insert|cast|set|declare|drop|update|md5|benchmark|loopback).* [NC,OR]


    Should I be doing something different to help block these exploits?
    Last edited by a moderator: Sep 21, 2010
  2. NiteWave

    NiteWave Administrator

    there is a extra space in the string:
    remove it and works.

    it can be simplified as
    Code:
    RewriteCond %{QUERY_STRING} globals|encode|request|union|select|insert|cast|set|declare|drop|update|md5|benchmark|loopback [NC,OR]
  3. jp0p!

    jp0p! New Member

    Ah, wonderful! thanks!

Share This Page