Hi folks First time poster. I recently became aware that hackers were able to include scripts in my URLs that would run (when reflected back to the client web browser).
Is there a simple configuration in Apache that allows me to apply strict rules to the URLs that would stop this happening? Alternatively, is there something I have opened / allowed that enables this? For example: https://sobs.com.au/ui/appwaz.php/jiwzk%22onload%3d%22alert(1)%22tyysj Hope you can help. Cheers Murray -- Murray Collingwood Focus Computing Australia ph 07 3175 0575 New Zealand ph 03 928 1699 http://www.focus-computing.com.au