This repository has been archived by the owner on Sep 1, 2020. It is now read-only.
jshwlkr edited this page Mar 19, 2012 · 7 revisions

Htwall is a collection of htaccess rules crafted to intercept common and pervasive exploits. Htwall is not meant to act as a comprehensive security measure. Let me repeat that in another way: if you are using htwall as your sole security measure, then your website is insecure and will suffer malicious intrusions. Htwall is meant to act as an additional layer of security and a sanity check for those situations where one might be desired, or when your options are limited by your host or server. Note before using htwall that a large and complicated htaccess file will decrease your server's performance, as the htaccess file must be compared against every URL submission.

There is a high probability that htwall will break some aspect of your application's functionality. Htwall is not particularly forgiving or user friendly, and some of htwall's directives can (and will) block legitimate traffic under certain specific conditions. The simplest (and dumbest) method for diagnosing these problems is the brute-force method: delete a line from the htaccess file and see whether the problem is fixed. For the somewhat more difficult and unintuitive solution, you'll have to comb through the Directives page to diagnose your problem.

When contributing rules to htwall, make sure to include an additional rule or set of rules that targets ASCII-encoded strings when applicable. Additionally, please make a note on the Directives page concerning the rule's targets and any potential consequences of employing it.
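
One way to derive and check the encoded counterpart of a rule, as an added example (not htwall's own code). It assumes "ASCII encoded" means percent-encoded (`%XX`) characters and that the rule tests `%{QUERY_STRING}`, which mod_rewrite leaves undecoded; the function names and sample query strings are constructed for illustration.

```python
import re


def encoded_variant(token: str) -> str:
    """Build a regex in which every character of `token` may appear
    either literally or as its percent-encoded ASCII code (%XX)."""
    parts = []
    for ch in token:
        # Only printable, non-space ASCII: a space would split the
        # RewriteCond arguments, and non-ASCII needs multi-byte handling.
        if not 0x21 <= ord(ch) <= 0x7E:
            raise ValueError("printable non-space ASCII tokens only")
        hex_code = "%{:02X}".format(ord(ch))
        parts.append("(?:{}|{})".format(re.escape(ch), hex_code))
    return "".join(parts)


def rewrite_cond(token: str) -> str:
    """Format the pattern as a RewriteCond line for the raw query string.
    [NC] makes both the letters and the hex digits case-insensitive."""
    return "RewriteCond %{{QUERY_STRING}} {} [NC]".format(encoded_variant(token))


def blocked(token: str, query_string: str) -> bool:
    """Emulate the [NC] match in Python so a rule can be checked against
    sample requests before it is added to the htaccess file."""
    pattern = encoded_variant(token)
    return re.search(pattern, query_string, re.IGNORECASE) is not None


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "q=<script>",        # literal form
    "q=%3Cscript%3E",    # delimiter percent-encoded
    "q=%3cscr%69pt",     # mixed encoding, lowercase hex
    "q=description",     # legitimate value containing "script"
]

if __name__ == "__main__":
    print(rewrite_cond("<script"))
    for qs in SAMPLES:
        print("{:<20} blocked={}".format(qs, blocked("<script", qs)))
```

Running candidate tokens against known-good query strings from your own application in the same way shows which rules would block legitimate traffic, which is the information the Directives page note should record.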

Thank you for your interest in htwall.
