[nycphp-talk] preg_match and pattern matching

csnyder chsnyder at
Sat Nov 22 10:24:14 EST 2008

On Sat, Nov 22, 2008 at 9:24 AM,  <mikesz at> wrote:
> Hello and Greetings,
> I have just been reviewing a script that says its a PHP firewall. It
> is using an array with 250 elements that are all basically subsets of
> code and injections that hackers use to break into sites. I could
> easily take this array and create a preg_match test but was wondering
> at what point pattern matching gets unmanageable or impractical. This
> script looks a lot like .htaccess using mod rewrite to block badguys.
> I would appreciates some feedback on this, what is the rest of the
> world using to block or intercept bad guy injection attacks?


Their site is oddly short on explanation. It's an open source Apache
module that does what your pho script is trying to do, and probably a
lot more. Aka WAF, web application firewall.

More information about the talk mailing list