Hi to everyone,
I'm trying to deny typing javascript on the address bar in order to avoid XSS injection.
Everyone talk me to recode all the servlets, packages, etc. to prevent this attacks, but I would like to prevent it with apache directives.
The only one directive I have found to prevent XSS is RewriteRule. I'm trying to rewrite all the URL's containing the character '<' and redirect them to an error page, but I haven't make it work.
I'm not used to write mod_rewrite directives, so I don't really know if my problem is on my RewriteRule syntax or if the is that I can't prevent these attacks with Apache.
I show you my code:
RewriteRule ^<* /error.htm
Has anyone prevented this kind of attacks with mod_rewrite? If not, does anyone know another way to prevent them by Apache?
Thanks in advance