> I do declare that keyword matching alone has issues :-) Yeah, that can really bite you in the butt!
We've been having pretty good results with the tool that is posted over at my site. It does a fairly decent job of catching most injection and XSS attacks and with some recent updates that I made to it, has a low rate of false positives. While it doesn't include any IP blocking or monitoring functions, it would be pretty easy to add those if desired. You may need to tweak it a tad for your specific application, but it's pretty easy code to work with. http://www.cfwebstore.com/index.cfm?fuseaction=page.download&downloadID=18 --- Mary Jo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:329804 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4