92
voted
Fancy name isn't it. I just invented it on the spot, it actually has to do with my new .htaccess I use. I've written this over the weekend and tried to make it as small as possible. How about 17 lines that can save you a lot of headaches. I've used a similar system for a long time and it really works. SQL injection, HTML and Javascript injection is impossible this way. Sure, you can inject Swahili. But you can't launch an attack, and that is the whole point. I am no fan of intrusion detection systems alone. Most of them generate only logs and often they don't block the request. read more »
