Preventing Attacks
¾«¶«´«Ã½
Terms that Should Not Be Used in URL Paths, Directory Names & Sometimes, in Content
Do not use the following terms in folder names or in file names (see below), and edit existing names to remove the terms. Combinations of terms in content areas that could trigger problems will now be blocked by our firewall. Drupal editors will receive an error message when saving the file being edited. Remove the prohibited terms, and it should be possible to save the file.
| Symbols | Words, Word Variants, Word Fragments | Mathematical Conditions | |
| ' (quotation mark) | backup | restore | No mathematical relationships expressed as something=something, such as abc=abc or any condition that's always true, such as 1=1. For this search, use the = as your search term, and review everything before and after it to make sure they are not identical terms. |
| ~ (tilde) | cast | select | |
| | (pipe) | create | sp_ | |
| ; (semicolon) | declare | tab | |
| /* (forward slash asterisk) | delete | table | |
| \* (back slash asterisk) | drop | truncate | |
| -- (double hyphen) | dump | union | |
| exec | update | ||
| from | varchar | ||
| insert | where | ||
| into | xp_ | ||
Folder Name Protocols
Folder names become the directory structure of the URL.
- Lowercase characters only, so no title case or camel case.
- No spaces, hyphens or underscores.
- Limit to 20 characters. (Don't confuse file naming with page titles. Page titles show on the page, and can be considerably longer.)
File Name Protocols
The file names makes up the end of the URL, after the last directory slash.
- Lowercase characters only, so no title case or camel case.
- Limit to 30 characters. (Don't confuse file names with asset names or with page titles. Page titles show on the page, and can be considerably longer.)
- No spaces: Use underscore (_) or dash (-) instead.
- With the exceptions of the underscore and dash, do not use special characters or punctuation marks.
Asset Name Protocols
The asset name becomes the page breadcrumb, and the left navigation link for items that link via left navigation.
- Use title case, with spaces.
- It should not include the file extension.
- Limit to 64 characters.
Page & Metadata Title Conventions
- Titles are limited to 64 characters.
- Search engine titles are limited to 255 characters.
