On 02/06/05 17:08 +0400, ArkanoiD wrote:
> nuqneH,
> Are there any hints on preventing cross-site scripting attacks and
> SQL injection on a proxy firewall by, say, applying some regexps on URL data?

XSS primarily uses ECMAScript and/or VBScript as attack vectors to
attack the browser.
SQL injection is a server-side attack. It has nothing to do with XSS
other than being one of the most popular HTTP-based attacks.

So for client applications (browsers, etc), just strip the ECMAScript.
Trying to defend remote servers from SQL injection attacks from your
clients promises to be hard (if not impossible).

Devdas Bhagat
firewall-wizards mailing list
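
Added example, not part of the original message: one way a proxy could "strip the ECMAScript" from HTML responses before they reach the browser, using a parser (Python's html.parser) rather than regexps. It removes only script elements, on* event attributes and javascript:/vbscript: URLs; the names ScriptStripper, strip_script, URL_ATTRS and SAMPLE are assumptions made for this illustration.

```python
from html import escape
from html.parser import HTMLParser
SCRIPT_SCHEMES = ("javascript:", "vbscript:")
URL_ATTRS = {"href", "src", "action", "formaction", "background"}
# Constructed sample response body, not taken from the thread.
SAMPLE = ('<p onclick="x()">hi &amp; bye</p><script>alert(1)</script>'
          '<a href=" JaVaScRiPt:x()">a</a><a href="/ok?a=1&amp;b=2">b</a><br />')

class ScriptStripper(HTMLParser):
    """Re-emit HTML minus script elements, on* handlers, script URLs, comments."""
    def __init__(self):
        super().__init__(convert_charrefs=False)  # pass text entities through
        self.out, self.in_script = [], False

    def _keep(self, name, value):
        # Values arrive entity-decoded; ignore whitespace, control chars, case.
        compact = "".join(c for c in (value or "") if c > " ").lower()
        script_url = name in URL_ATTRS and compact.startswith(SCRIPT_SCHEMES)
        return not (name.startswith("on") or script_url)

    def _text(self, s):
        if not self.in_script:
            self.out.append(s)

    def _tag(self, tag, attrs, end=">"):
        if tag == "script":
            self.in_script = True  # swallow everything up to </script>
            return
        kept = [n if v is None else f'{n}="{escape(v)}"'
                for n, v in attrs if self._keep(n, v)]
        self._text("<" + " ".join([tag] + kept) + end)

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " />")
    def handle_data(self, data): self._text(data)
    def handle_entityref(self, name): self._text(f"&{name};")
    def handle_charref(self, name): self._text(f"&#{name};")
    def handle_decl(self, decl): self._text(f"<!{decl}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        else:
            self._text(f"</{tag}>")

def strip_script(html):
    parser = ScriptStripper()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Script carried in style attributes, <style> blocks or plugin content is outside what this filter looks at, so those need their own handling at the proxy.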