- - Code, Content, and Presentation
- -- Apache Web Server
- ---- Apache: Mod Rewrite Exploit: Patch Your Servers Now To 2.2.3
MatthewHSE - 3:37 pm on Jul 31, 2006 (gmt 0)
|You should probably do the upgrade, but if you can't for technical reasons, then at least disable all the rules that start with a $1 and do not include the above flags.. |
I don't know mod_rewrite enough to understand what rules are safe and what ones aren't. With mod_rewrite syntax...
RewriteRule Pattern Substitution [Flag(s)]
...may I assume that $1 can appear anywhere in the rule as long as you don't put it at the very start of the Substitution section?
If so, all my sites are safe as I've never used a rewrite rule in that way in my life and can't even think of an instance where it would be helpful.
[edited by: MatthewHSE at 3:38 pm (utc) on July 31, 2006]
Thread source: http://www.webmasterworld.com/apache/3026171.htm
Brought to you by WebmasterWorld: http://www.webmasterworld.com