-
☆ A M B ☆
- 3,112 Posts
You can try to change the
"request_param_alias" parameter in System Settings, and edit your
htaccess to follow the value.
RewriteRule ^(.*)$ index.php?typeYourNewParamAliasHere=$1 [L,QSA]
Make it random and hard to guess.
Rico
Genius is one percent inspiration and ninety-nine percent perspiration.
Thomas A. Edison
MODx is great, but knowing how to use it well makes it perfect!
www.virtudraft.com
Security, security, security! |
Indonesian MODx Forum |
MODx Revo's cheatsheets |
MODx Evo's cheatsheets
Author of
Easy 2 Gallery 1.4.x,
PHPTidy,
spieFeed,
FileDownload R,
Upload To Users CMP,
Inherit Template TV,
LexRating,
ExerPlan,
Lingua,
virtuNewsletter,
Grid Class Key,
SmartTag,
prevNext
Maintainter/contributor of
Babel
Because it's hard to follow all topics on the forum, PING ME ON TWITTER
@_goldsky if you need my help.
-
☆ A M B ☆
- 3,141 Posts
That changes the name of the parameter used by friendly URLs. When you normally request /contact.html, what MODX sees is index.php?q=contact.html. The changes goldsky suggests changes that to index.php?typeYourNewParamAliasHere=contact.html.
I'm honestly not sure what that has to do with the hacks mentioned in this topic.
The only reason I can think of to change that setting is if you're trying to use 2 different CMSs that both use the q parameter, from the same index.php file, which would be.. interesting and oddly specific.
I can imagine an attack that involves a direct call to index.php targeting a specific extra file. Changing the 'q' would protect against that, but I don't think attacking in that way would be any more effective than just using the URL for the file without going through index.php.