How to create a simple application firewall with mod_rewrite
Sometimes you may not be able to install a full application firewall package to stop attacks. Here's how to create a simple application firewall using just mod_rewrite on Apache.
First, create a config file called app_firewall.conf in the Apache config directory, containing your firewall rules:
#begin app_firewall.conf
#stop track/trace requests
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#stop example xss vuln
RewriteCond %{THE_REQUEST} /vuln.php
RewriteCond %{QUERY_STRING} var=<script>
RewriteRule .* - [F]
#end app_firewall.conf
This file will need to be included in your httpd.conf file using:
Include conf/app_firewall.conf
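It will also need to be included in all your virtual hosts, because mod_rewrite rules set in the main server config are not inherited by virtual hosts by default.
Then restart Apache and test. Requests matching a rule will be given a 403 error.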
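A stricter form of the example XSS rule and the per-virtual-host include, as an added example that is not part of the original page. %{QUERY_STRING} is compared raw (not URL-decoded) and case-sensitively, so the literal var=<script> condition only catches that exact spelling. /vuln.php and var are the page's placeholders; www.example.com is an assumed host name.

```apache
# Added example: hardened variant of the XSS rule in app_firewall.conf.
# /vuln.php and the "var" parameter are the page's placeholder names.
RewriteEngine on

# Original condition, kept for comparison. It matches only the literal,
# lower-case, unencoded string because %{QUERY_STRING} is not URL-decoded:
#   RewriteCond %{QUERY_STRING} var=<script>

# Match "var" as a whole parameter name anywhere in the query string,
# accept "<" or its percent-encoded form "%3C", and ignore letter case.
RewriteCond %{QUERY_STRING} (^|&)var=(<|%3C)script [NC]

# Anchor the path in the rule itself instead of searching THE_REQUEST.
# In server or virtual-host context the pattern sees the URL-path with
# its leading slash.
RewriteRule ^/vuln\.php(/|$) - [F]

# Each virtual host needs its own Include (www.example.com is a placeholder):
<VirtualHost *:80>
    ServerName www.example.com
    Include conf/app_firewall.conf
</VirtualHost>
```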
Last updated: 26/09/2006