Malicious requests can come in the form of a user agent string, referrer or cookie. To prevent being pwned by zero-day attacks such as Shellshock, I have created a whitelist of characters for the user agent string:
a-zA-Z0-9,.:;?/ ~!@()+_-
Is the above useful and effective? Also, does anyone have a list of acceptable characters for referrer, cookie, request URI and query string?
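
As an added example (not part of the original post), here is the whitelist above expressed as a Python check and run over constructed user agent strings, showing which characters cause a rejection. The function names, the 512-character length cap and the sample strings are assumptions made for illustration.

```python
import re

# Character whitelist exactly as given in the post: a-zA-Z0-9,.:;?/ ~!@()+_-
ALLOWED_CLASS = r"A-Za-z0-9,.:;?/ ~!@()+_\-"
ALLOWED_RE = re.compile(f"[{ALLOWED_CLASS}]*")
DISALLOWED_RE = re.compile(f"[^{ALLOWED_CLASS}]")
MAX_LEN = 512  # assumption: length cap, not from the post


def rejected_chars(value: str) -> list[str]:
    """Return the distinct characters in value that are outside the whitelist."""
    return sorted(set(DISALLOWED_RE.findall(value)))


def ua_allowed(value: str) -> bool:
    """True if value is within the length cap and uses only whitelisted characters."""
    return len(value) <= MAX_LEN and ALLOWED_RE.fullmatch(value) is not None


# Constructed sample header values (not captured traffic).
SAMPLES = {
    "desktop browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                       "AppleWebKit/537.36 (KHTML, like Gecko) "
                       "Chrome/120.0.0.0 Safari/537.36",
    "crawler with URL": "Mozilla/5.0 (compatible; ExampleBot/2.1; "
                        "+http://bot.example.com/about.html)",
    # Shellshock-style value: the function-definition prefix needs braces.
    "shellshock-style": "() { :; }; echo probe",
    # Legitimate-looking client whose string carries square brackets.
    "bracketed client": "Mozilla/4.7 [en] (WinNT; I)",
}

if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        verdict = "allow" if ua_allowed(ua) else "reject"
        print(f"{name:18} {verdict:7} outside whitelist: {rejected_chars(ua)}")
```

The shellshock-style sample is rejected because of `{` and `}`, while the bracketed client is rejected too, which is the false-positive side of a character whitelist.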