Webserver-level mitigations for CVE-2023-23752
From Joomla! Documentation
Errors reported
I want to mitigate the issue fixed in Joomla 4.2.8 (CVE-2023-23752) with webserver-level measures such as mod_security or mod_rewrite. How do I do that?
Versions affected
General Information
This pertains only to Joomla! version(s): 4.0.0 - 4.2.7
How to fix
mod_rewrite
Add the following rules to the .htaccess file in your website root, after the line RewriteEngine On:
RewriteCond %{QUERY_STRING} public=
RewriteRule api/?. - [F]
The [F] flag makes Apache answer 403 Forbidden for any request for a path under api/ whose query string contains public=, so the request never reaches Joomla's API. Note that RewriteCond matches the raw, undecoded query string, so only a literal public= is caught; the ModSecurity rule in the next section inspects the decoded parameter names instead.
Kudos to Nicholas Dionysopoulos for providing this rule.
mod_security
Add the following chained rule to your ModSecurity configuration. Both conditions must match: the request URI contains the Joomla API path, and a GET parameter named public is present.
SecRule REQUEST_URI "@contains api/index.php/v1/" "id:002370,phase:1,deny,status:403,log,msg:'CVE-2023-23752 mitigation: public= parameter on Joomla API',t:lowercase,t:urlDecodeUni,chain"
    SecRule ARGS_GET_NAMES "@rx ^public$"
The explicit phase:1,deny,status:403 matters: a rule without a disruptive action inherits SecDefaultAction, which in many installations (including the OWASP Core Rule Set defaults) is pass, so the request would only be logged and not blocked. The phase and the disruptive action belong on the first rule of a chain; the transformations (t:lowercase, t:urlDecodeUni) apply only to the REQUEST_URI check, while ARGS_GET_NAMES is already URL-decoded by ModSecurity.
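After deploying either rule, verify it from the outside. The script below is an added example for this page, not part of the Joomla documentation or of Joomla itself. It sends one probe request with public=true against the configuration endpoint and one control request without the parameter, so you can confirm that the webserver block fires and that it does not cut off the whole API. It assumes curl is installed and takes the site base URL as its only argument (https://your-site.example is a placeholder).

```shell
#!/bin/sh
# Added verification script for a webserver-level CVE-2023-23752 mitigation.
# Not part of the Joomla documentation or of Joomla. Assumes curl is available
# and that the site base URL is given as $1 (https://your-site.example is a placeholder).

# HTTP status code curl receives for a URL; curl prints 000 when the host is unreachable.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
}

# Probe request: the configuration endpoint with public=true.
# 403 is what the mod_rewrite [F] flag or a ModSecurity deny,status:403 returns
# before Joomla sees the request; 401 means Joomla itself refused the
# unauthenticated request (the core fix in 4.2.8). 200 means the endpoint
# answered, i.e. the site is still exposed.
verdict() {
  case "$1" in
    403|401) echo blocked ;;
    200)     echo exposed ;;
    *)       echo unknown ;;
  esac
}

# Control request: the same endpoint without public=. The webserver rule must
# let this one through to Joomla; a 403 here means the block is wider than intended.
control_verdict() {
  case "$1" in
    403) echo overblocked ;;
    000) echo unreachable ;;
    *)   echo ok ;;
  esac
}

main() {
  base=${1:?usage: $0 https://your-site.example}
  probe='api/index.php/v1/config/application?public=true'
  control='api/index.php/v1/config/application'

  pcode=$(http_status "$base/$probe")
  ccode=$(http_status "$base/$control")
  printf 'probe   %s -> HTTP %s: %s\n' "$probe" "$pcode" "$(verdict "$pcode")"
  printf 'control %s -> HTTP %s: %s\n' "$control" "$ccode" "$(control_verdict "$ccode")"

  # Exit 0 only when the probe is blocked and the control still reaches the API.
  [ "$(verdict "$pcode")" = blocked ] && [ "$(control_verdict "$ccode")" = ok ]
}

# Only run the checks when a base URL was given on the command line.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Run it with the site's base URL as the only argument. A probe reported as "exposed" means the rule is not in effect for that virtual host (wrong file, rule placed after a terminating rewrite, ModSecurity engine in DetectionOnly mode); a control reported as "overblocked" means the rule is matching more than the public= parameter.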