WP-Mix

A fresh mix of code snippets and tutorials

Block XSS with .htaccess

Quick snippet today that you can add to your .htaccess file to block some common XSS (cross-site scripting) attacks.

To protect against script injections and attempts to modify PHP’s global and request variables, add the following code to your site’s root .htaccess file. The conditions inspect only the request's query string:

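<IfModule mod_rewrite.c>
	# Enable the rewrite engine (harmless if it is already on)
	RewriteEngine On
	# "<" or %3C, then "script", then ">" or %3E in the query string, any case
	RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
	# Attempts to set PHP's GLOBALS or _REQUEST arrays through the query string
	RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
	RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
	# Any matching request is refused with 403 Forbidden
	RewriteRule .* index.php [F,L]
</IfModule>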

Remember to back up and test thoroughly.
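To support that testing, here is an added example (not part of the original snippet) that mirrors the three conditions as Python regular expressions and runs them over constructed query strings, including two harmless ones that the rules also reject. The names `RULES`, `SAMPLES`, `blocked_by` and `check_samples` are illustrative.

```python
import re

# Python equivalents of the three RewriteCond patterns. RewriteCond tests are
# unanchored and run against the raw (still percent-encoded) query string,
# so re.search on the undecoded string mirrors that behaviour.
RULES = [
    ("script-tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),  # [NC]
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]


def blocked_by(query_string):
    """Return the name of the first matching condition, or None if allowed."""
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings (the text after "?") with expected outcomes.
SAMPLES = [
    ("s=hello+world&page=2", None),                   # ordinary search: allowed
    ("q=<script>x</script>", "script-tag"),           # raw tag
    ("q=%3cScRiPt%3e", "script-tag"),                 # encoded, mixed case
    ("GLOBALS[foo]=1", "GLOBALS"),
    ("a=1&_REQUEST%5Bx%5D=1", "_REQUEST"),            # encoded "["
    ("globals[foo]=1", None),                         # these two conditions are case-sensitive
    ("q=%3Cem%3Etranscript%3C/em%3E", "script-tag"),  # false positive: "transcript"
    ("MY_REQUEST=1", "_REQUEST"),                     # false positive: parameter name
]


def check_samples():
    """Return the samples whose actual outcome differs from the expected one."""
    return [(qs, want, blocked_by(qs)) for qs, want in SAMPLES if blocked_by(qs) != want]


if __name__ == "__main__":
    for qs, _ in SAMPLES:
        print(f"{blocked_by(qs) or 'allowed':<12} {qs}")
    print("mismatches:", check_samples())
```

On a staging copy of the site, the query strings reported as blocked should come back as 403 Forbidden, and the two false positives show the kind of legitimate URL to look for in your own plugins and themes before deploying.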
