Hi everyone at webmaster-talk. This is my first post. Here is my dilema.
I am currently working to bring my websites non-production server into PCI compliance. I have resolved all issues and vulnerabilities i got from hacker safe save for this one:
try entering this into your address bar:
http://64.57.246.177/x%27%3B%22%2C%2...0-00548-00.htm
this will throw a MySQL error. Whats the problem with that you ask?
Well there is no folder on my site named: x%27%3B%22%2C%29%60 or its unencoded equivalent: x';",)`
Thus what it should be throwing is the 404 not found error.
Based on this I have to find a way to validate the URL on the server side before any pages whatsoever are loaded. (adding a redirect to the garmin_dogtracking_astro_etc...htm page is out as this is one of about 1000 product pages.
I think this could be done using maybe the <Location> directive in the .htaccess file or maybe mod_rewrite, although that is about as far as i got before i got completely lost in the Apache manual.
Basically I'm looking for a way to validate the URL before any pages have been loaded. Lemme know what you all think and happy tuesday.

What HTTP response does the URL return (without the redirect of course)?

Is there any URL rewriting in place already?

Thank you for your interest chrishirst, I have actually just found the answer to this one in the last half hour so I will post it now.

I added the following to my root level .htaccess file:

# Redirect any bad urls to fixed pages.
RewriteCond %{THE_REQUEST} x%27%3B%22%2C%29%60
RewriteRule ^(.*)/(.*)$ http://64.57.246.177/$2? [R=301,L]

Basically all this redirect does is searches for the bad string that was found in the original URL and cuts it out, it is specific to that bad string and will not work with any other bad strings, nor does it search the site to see if the content is actually there. The reason It had to be this way is somehow i was throwing mysql errors even though the path it was requesting shouldn't have existed. Hope this will help somebody. As far as me helping anyone else to use the mod_rewrite directive, I'm probably not much help as these two lines of code took me two days to get right. But I will keep an eye out for other mod_rewrite and .htaccess questions as I have at least a little better understanding of them now.
Thank you again for your interest, I'll continue blogging