HOWTO avoid SQL injection


a) Windows server: its own IP is not reachable from outside
b) Unix: Apache in front of the Windows server
c) add an internal host name in IIS (e.g. irgendwas.loc)
d) Unix /etc/hosts: add the line:  IP(windowsServer)   irgendwas.loc

e) Apache conf:

	<VirtualHost 192.168.3.5:80>
		ServerName www.irgendwas.at
		ServerAlias irgendwas.at

		ServerAdmin administrator@irgendwas.at

		RedirectMatch permanent ^.*\.(exe|dll|ida).* http://127.0.0.1
		RedirectMatch permanent /_vti_.* http://127.0.0.1

		
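		# Container path assumed to be / (whole site); the single-argument
		# ProxyPass below is only valid inside a <Location> block.
		<Location />
			Options -Indexes

			ProxyPass http://irgendwas.loc/
			ProxyPassReverse http://irgendwas.loc/

			Order Deny,Allow
			Deny from all
			Allow from all
		</Location>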

		

		RewriteEngine On

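		# Condition 1: a semicolon (raw or %3B) followed by an SQL keyword
		RewriteCond %{QUERY_STRING}     \
			(;|%3B)((\s|%20)+)?(ALTER|DECLARE|DROP|CREATE|SET|SELECT|INSERT|UPDATE|DELETE|CAST|CONVERT|EXEC|EXECUTE)   [NC,OR]
		# Condition 2: CAST/CONVERT/EXEC followed by an opening parenthesis (raw or %28)
		RewriteCond %{QUERY_STRING}     \
			(CAST|CONVERT|EXEC)((\s|%20)+)?(\(|%28)   [NC]

		# [F] answers 403 Forbidden; the substitution target is not used
		RewriteRule (.*) http://127.0.0.1$1  [L,F,R=403]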

		RewriteLogLevel 0
		RewriteLog /var/log/httpd/irgendwas-rewrite.log

		CustomLog /var/log/httpd/irgendwas-access.log combined
		ErrorLog /var/log/httpd/irgendwas-error.log
	</VirtualHost>
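
To see which requests these two RewriteCond patterns would answer with 403 before enabling them, the patterns can be replayed over an existing combined-format access log. This is an added example, not part of the original HOWTO; the function names and the sample log lines are constructed for illustration, and the last sample shows a false positive (`;settings` matches `;` followed by `SET`).

```python
import re

# The two RewriteCond patterns from the vhost; [NC] maps to re.IGNORECASE.
# Apache matches unanchored, so re.search is the equivalent call.
STACKED_STATEMENT = re.compile(
    r"(;|%3B)((\s|%20)+)?(ALTER|DECLARE|DROP|CREATE|SET|SELECT|INSERT|UPDATE"
    r"|DELETE|CAST|CONVERT|EXEC|EXECUTE)", re.IGNORECASE)
FUNCTION_CALL = re.compile(r"(CAST|CONVERT|EXEC)((\s|%20)+)?(\(|%28)", re.IGNORECASE)

# Combined log format: host ident user [time] "METHOD target PROTO" status bytes ...
REQUEST_LINE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[\d.]+"')

def query_string(log_line):
    """Return the raw (still URL-encoded) query string of a combined-format line."""
    m = REQUEST_LINE.search(log_line)
    if not m or "?" not in m.group(1):
        return ""
    return m.group(1).split("?", 1)[1]

def would_block(qs):
    """Name of the first matching condition, or None if the request passes."""
    if STACKED_STATEMENT.search(qs):
        return "stacked-statement"
    if FUNCTION_CALL.search(qs):
        return "function-call"
    return None

def review(log_lines):
    """Yield (rule, query_string) for every line the rules would answer with 403."""
    for line in log_lines:
        qs = query_string(line)
        rule = would_block(qs)
        if rule:
            yield rule, qs

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0100] "GET /list.asp?id=5 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.8 - - [01/Jan/2024:10:00:01 +0100] "GET /list.asp?id=5%3B%20DECLARE%20x HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0100] "GET /list.asp?id=CAST%28x HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.10 - - [01/Jan/2024:10:00:03 +0100] "GET /search.asp?q=tea;settings HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for rule, qs in review(SAMPLE_LOG):
        print(rule, qs)
```

The rules inspect only %{QUERY_STRING}, so request bodies are not covered by this check.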