URL Filtering for Web Application Security

Larry Price

MoonShadowECommerce

Web Application Security

Web applications, particularly those available for public use, have the following attributes.

They are Exposed to the network.

They are Open to receiving input from anyone.

They are Vulnerable to attacks from the trivial to the complex.

I'm only going to talk about the first two items tonight.

What a URL is.

A URL is a string of characters

Anatomy of a URL

 

http://domain.tld/path/elements.html?variable=value

Tools That Come with Apache

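Example mod_rewrite usage

ServerName  www.domain.tld
DocumentRoot /data/www/domain.tld
RewriteEngine on
# Requests under /images/ pass through unchanged; [L] stops rule processing.
RewriteRule ^/images/.*$ - [L]
# Requests under /graphics/ that end in .gif pass through unchanged.
RewriteRule ^/graphics/.*\.gif$ - [L]
# Any other /<letters>/<rest> path is rewritten to the endpoint with both parts as query parameters.
RewriteRule ^/([a-zA-Z]*)/(.*)$ /data/svc/endpoint?type=$1&name=$2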
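To see which requests the three rules above let through and which they hand to the endpoint, the following added example (not part of the original talk) models them in Python. It is a simplified model of mod_rewrite's in-order processing, not Apache itself; the function name apply_rules and the sample paths are constructed for illustration.

```python
import re

# The three rules from the configuration above: (pattern, substitution, flags).
# "-" means "leave the URL unchanged"; "L" means "stop processing rules".
RULES = [
    (r"^/images/.*$", "-", {"L"}),
    (r"^/graphics/.*\.gif$", "-", {"L"}),
    (r"^/([a-zA-Z]*)/(.*)$", r"/data/svc/endpoint?type=\1&name=\2", set()),
]


def apply_rules(url_path, rules=RULES):
    """Simplified model of rule processing for one request.

    Patterns are tested in order against the URL path only (no query string).
    Returns (resulting target, index of the last rule that matched or None).
    """
    current, matched = url_path, None
    for index, (pattern, substitution, flags) in enumerate(rules):
        m = re.search(pattern, current)
        if m is None:
            continue
        matched = index
        if substitution != "-":
            current = m.expand(substitution)
        if "L" in flags:
            break
    return current, matched


# Constructed sample request paths.
SAMPLES = [
    "/images/logo.png",       # passes through under rule 0
    "/graphics/banner.gif",   # passes through under rule 1
    "/graphics/banner.png",   # not a .gif, so rule 2 sends it to the endpoint
    "/catalog/widgets/blue",  # the (.*) capture keeps embedded slashes
    "/item42/x",              # digits in the first element: no rule matches
]

if __name__ == "__main__":
    for path in SAMPLES:
        target, rule = apply_rules(path)
        print(f"{path:24} rule={rule!s:5} -> {target}")
```

A path that matches none of the rules is returned unchanged, so in this model it is served from the DocumentRoot as requested rather than being filtered.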

Open and Closed Sets

Why People Mess with your site.