diff --git a/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php b/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php
index f9cb973..03b9d95 100644
--- a/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php
+++ b/http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php
@@ -51,6 +51,12 @@ if (sizeof($this->aliases)) {
 
 <IfModule mod_rewrite.c>
   RewriteEngine on
+
+  # Mitigation for https://www.drupal.org/SA-CORE-2018-002
+  RewriteCond %{QUERY_STRING} (.*)(23value|23default_value|element_parents=%23)(.*) [NC]
+  RewriteCond %{REQUEST_METHOD} POST [NC]
+  RewriteRule ^.*$  - [R=403,L]
+
 <?php
 if ($this->redirection) {
   print " # Redirect all aliases to the selected alias.\n";
diff --git a/http/Provision/Config/Apache/vhost.tpl.php b/http/Provision/Config/Apache/vhost.tpl.php
index e724bd7..476df31 100644
--- a/http/Provision/Config/Apache/vhost.tpl.php
+++ b/http/Provision/Config/Apache/vhost.tpl.php
@@ -37,6 +37,12 @@ if (sizeof($this->aliases)) {
 
 <IfModule mod_rewrite.c>
   RewriteEngine on
+
+  # Mitigation for https://www.drupal.org/SA-CORE-2018-002
+  RewriteCond %{QUERY_STRING} (.*)(23value|23default_value|element_parents=%23)(.*) [NC]
+  RewriteCond %{REQUEST_METHOD} POST [NC]
+  RewriteRule ^.*$  - [R=403,L]
+
 <?php
 if ($this->redirection || $ssl_redirection) {
 
diff --git a/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php b/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
index 41a5e17..8e2a458 100644
--- a/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
+++ b/http/Provision/Config/Nginx/Inc/vhost_include.tpl.php
@@ -70,6 +70,20 @@ if ($main_site_name = '') {
   set $main_site_name "$server_name";
 }
 
+# Mitigation for https://www.drupal.org/SA-CORE-2018-002
+set $rce "ZZ";
+if ( $query_string ~* (23value|23default_value|element_parents=%23) ) {
+  set $rce "A";
+}
+
+if ( $request_method = POST ) {
+  set $rce "${rce}B";
+}
+
+if ( $rce = "AB" ) {
+  return 403;
+}
+
 <?php if ($nginx_config_mode == 'extended'): ?>
 set $nocache_details "Cache";
 
diff --git a/http/Provision/Config/Nginx/subdir.tpl.php b/http/Provision/Config/Nginx/subdir.tpl.php
index a45b88d..90f5028 100644
--- a/http/Provision/Config/Nginx/subdir.tpl.php
+++ b/http/Provision/Config/Nginx/subdir.tpl.php
@@ -97,6 +97,20 @@ if ($subdir_main_site_name = '') {
   set $subdir_main_site_name "$server_name";
 }
 
+# Mitigation for https://www.drupal.org/SA-CORE-2018-002
+set $rce "ZZ";
+if ( $query_string ~* (23value|23default_value|element_parents=%23) ) {
+  set $rce "A";
+}
+
+if ( $request_method = POST ) {
+  set $rce "${rce}B";
+}
+
+if ( $rce = "AB" ) {
+  return 403;
+}
+
 <?php if ($nginx_config_mode == 'extended'): ?>
 ###
 ### Add recommended HTTP headers