Hacker News new | past | comments | ask | show | jobs | submit login

You can make good http(s) firewalls (albeit not fast as a IP one) against threats.

Needs to add more to this, especially configs against SQL injections and other hacks.




Actually, I dont' think that is the webserver's job.

Relying on your webserver to protect you against SQL injection is probably not what you want to do. The webserver has no knowledge at all about what kind of program you run behind it. You would need to teach it everything about what you're doing.

Seriously, you are much better off just using prepared statements everywhere than trying to teach a webserver the finer points of your particular combination of SQL and the language you use. It's like parsing HTML with regular expressions. It might hold up for a while or for certain tasks, but will explode quite unexpectedly at some later point.


That's true, but sometimes (especially with completely naive or old PHP) 'using prepared statements everywhere' means 'rewriting everything.' In those cases, htaccess might be the only flexible option you have until you can.


Consider ModSecurity with the Core Rule Set (or Trustwave Commercial Rule Set) instead of attempting to repurpose .htaccess files as a substitute WAF.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: