Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 71558 invoked from network); 15 Jul 2008 14:53:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Jul 2008 14:53:17 -0000 Received: (qmail 11392 invoked by uid 500); 15 Jul 2008 14:53:07 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 11369 invoked by uid 500); 15 Jul 2008 14:53:07 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 11358 invoked by uid 99); 15 Jul 2008 14:53:07 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Jul 2008 07:53:07 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: unknown (athena.apache.org: error in processing during lookup of tom@ng23.net) Received: from [195.188.213.8] (HELO smtp-out5.blueyonder.co.uk) (195.188.213.8) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 15 Jul 2008 14:52:12 +0000 Received: from [172.23.170.138] (helo=anti-virus01-09) by smtp-out5.blueyonder.co.uk with smtp (Exim 4.52) id 1KIltK-0004Yf-8k for users@httpd.apache.org; Tue, 15 Jul 2008 15:52:34 +0100 Received: from [82.43.191.151] (helo=limalima.lastminute.com) by asmtp-out2.blueyonder.co.uk with esmtp (Exim 4.52) id 1KIltJ-000207-V5 for users@httpd.apache.org; Tue, 15 Jul 2008 15:52:34 +0100 Message-ID: <487CB9AC.9020003@ng23.net> Date: Tue, 15 Jul 2008 15:52:28 +0100 From: Tom Brown User-Agent: Thunderbird 2.0.0.14 (Macintosh/20080421) MIME-Version: 1.0 To: users@httpd.apache.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: [users@httpd] apache > iis asp > mssql Hi I have apache sat in front of some IIS servers to do some logging, they just pass the request over to IIS. I have an issue where there are sql injection attacks coming through and i wonder at the URL level can i filter these out and thrown them away at the apache level. I am checking through but it seems that 'VARCHAR' is being used in the attack but not in any valid URL - Is there any rewrite or similar to be able to mitigate this? thanks --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org