httpd-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Apache2 add module help !
Date Wed, 28 Oct 2009 16:50:49 GMT
antoine wrote:
> Hello,
> 
> Consider that I have an html, javascript, php site.
> 
> My goal is to somehow modify the html, javascript code before the php 
> module does its stuff.
> It is part of a javascript injection defense system. So I want to mark 
> benign javascript before
> the php module adds bad javascript code.
> 
> I first thought that an output filter is the solution, but I suppose that 
> in the phase of the output filter
> the chunks of data will already be produced after php code generation 
> (is that right)?

Yes

> So the attack
> is done and I will mark as benign that bad javascript injection code.
> 
> Is there a way to cope with this by adding a module-filter to apache and 
> not modify the php module code?
> 
Apart from the yes above, I cannot add much, because it is not very 
clear to me what you are trying to achieve, or what you are trying to 
protect against.  You seem to say that it is the php which inserts the 
"bad" javascript code.  But the php runs on your server, so that seems 
to be the right point to protect, and not later try to undo what it 
might have done.  Or do you let any user load their own php stuff onto 
your server, and then just run it?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
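
The ordering confirmed in the reply above, as a simplified Python model (an added example, not code from this thread, from Apache or from PHP). It applies the same marking step once to the finished response, as an output filter would, and once to the template before the generator runs. The names `handler`, `mark_scripts`, `trusted_scripts`, the `data-mark` attribute and the sample template and input are all assumptions made for illustration.

```python
import re
import secrets

SCRIPT_OPEN = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
SCRIPT_BLOCK = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>",
                          re.IGNORECASE | re.DOTALL)

# Constructed sample: the site's own page, with one benign script.
TEMPLATE = "<html><body><script>initPage();</script><p>Hello {NAME}</p></body></html>"
# Constructed sample: request data that carries an extra script element.
INJECTED = "x<script>injected()</script>"


def handler(template, name):
    """Stand-in for the content generator (PHP in the thread): it copies
    request data into the page without escaping it."""
    return template.replace("{NAME}", name)


def mark_scripts(html, mark):
    """Add data-mark="<mark>" to every script tag present in html."""
    return SCRIPT_OPEN.sub(
        lambda m: f'<script data-mark="{mark}"{m.group(1)}>', html)


def trusted_scripts(html, mark):
    """Bodies of the scripts that carry this response's mark."""
    return [body for attrs, body in SCRIPT_BLOCK.findall(html)
            if f'data-mark="{mark}"' in attrs]


def late_marking(name):
    """Marking in an output filter: it runs on the generator's output,
    so the injected script is already there and gets marked too."""
    mark = secrets.token_hex(8)  # fresh, unguessable mark per response
    return trusted_scripts(mark_scripts(handler(TEMPLATE, name), mark), mark)


def early_marking(name):
    """Marking the template before the generator runs: only the site's
    own script carries the mark in the final response."""
    mark = secrets.token_hex(8)
    return trusted_scripts(handler(mark_scripts(TEMPLATE, mark), name), mark)


if __name__ == "__main__":
    print("late :", late_marking(INJECTED))
    print("early:", early_marking(INJECTED))
```
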

