NYCPHP Meetup

[nycphp-talk] preg_match and pattern matching

csnyder chsnyder at gmail.com
Sat Nov 22 10:24:14 EST 2008


On Sat, Nov 22, 2008 at 9:24 AM,  <mikesz at qualityadvantages.com> wrote:
> Hello and Greetings,
>
> I have just been reviewing a script that says its a PHP firewall. It
> is using an array with 250 elements that are all basically subsets of
> code and injections that hackers use to break into sites. I could
> easily take this array and create a preg_match test but was wondering
> at what point pattern matching gets unmanageable or impractical. This
> script looks a lot like .htaccess using mod rewrite to block badguys.
>
> I would appreciates some feedback on this, what is the rest of the
> world using to block or intercept bad guy injection attacks?
>

modsecurity
http://www.modsecurity.org/

Their site is oddly short on explanation. It's an open source Apache
module that does what your pho script is trying to do, and probably a
lot more. Aka WAF, web application firewall.



More information about the talk mailing list