.htaccess to prevent hitbots URI "payday" and "loans" - .htaccess

One of my Drupal servers was recently hacked. Although it's clean now, I get lots of Google traffic for /payday-loans and /leasehold-loans and similar. They have generated enough traffic to slow down my website and especially MySQL. What is the correct code for .htaccess to redirect (or just stop) all URIs containing payday or loans? I'd like to handle these requests at the Apache level, prior to PHP and MySQL processing them.

Try adding this above any rewrite rules that you may already have:
RewriteEngine On
RewriteRule (?:payday|leasehold)-loans - [L,F]
This will return a 403 forbidden, but you may want to redirect to something else instead.
RewriteEngine On
RewriteRule (?:payday|leasehold)-loans https://google.com/ [L,R=301]
This redirects any request with payday/leasehold-loans to google, or you can just 404 it:
RewriteEngine On
RewriteRule (?:payday|leasehold)-loans - [L,R=404]

Related

Clicking on my web in google results redirects me back to google

I'm helping a friend out on a website which is created using an online platform powered by Plesk, and there's an issue when trying to access this website through Google.
Writing the domain directly in the browser works fine, but when accessing it through a Google search it redirects the user back to Google.
What could be the issue?
This is my .htaccess file:
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
#HTTP-HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://srad.wtf/es_ES/$1 [R=301,L,QSA]
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
# Sets the HTTP_AUTHORIZATION header removed by Apache
RewriteCond %{HTTP:Authorization} .
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
# Rewrite all other queries to the front controller.
RewriteRule ^ %{ENV:BASE}/index.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 307 ^/$ /index.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
I've removed the majority of the comments from the file to keep it clean.
As stated in comments, there doesn't appear to be anything in your .htaccess file that would cause this redirect.
the redirect response ... appears to be coming from an Nginx server (possibly a front-end proxy), not Apache.
@MrWhite does that mean it's something that I can't solve myself?
The Nginx server, from which the response is ultimately being served from/through (a front-end/caching proxy I suspect) is part of your server config - so you would expect to have some control over this - although "using an online platform" then maybe not?
However, the redirect(s) you are seeing may be coming from your application server/PHP (not Nginx or Apache). The problem isn't just with "Google Chrome" (as you have tagged) or even with Google SERPs. Any inbound link to the homepage is being 302 redirected back to itself (the HTTP Referer).
Not wanting to sound alarming, but this sort of redirect is quite typical of a site being hacked - as it is potentially damaging for SEO. Although since this only affects the homepage and is a 302 (temporary) redirect and you appear to have other language specific redirects in the application logic then this may just be a misconfiguration - although redirecting back to the "HTTP Referer" is quite a deliberate action!
For example, the following link to your homepage currently 302 redirects back to "this page"!
https://srad.wtf/
Workaround
Your site appears to be in two languages, as denoted by the first path segment, /en/ or /es_ES/ (default). The application logic appears to unconditionally redirect(302) to /es_ES/ if omitted (it is not deduced from the user's browser preferences or remembered for returning visitors).
You may be able to redirect to /es_ES/ early in .htaccess before the application kicks in. (By the same logic that requesting the HTTP homepage also works OK, since it is redirected to HTTPS early in .htaccess.)
Try the following, after the RewriteEngine directive:
RewriteRule ^$ https://example.com/es_ES/ [R=302,L]
Note that this is a "workaround", it doesn't fix the underlying problem.
Additionally...
#HTTP-HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://srad.wtf/es_ES/$1 [R=301,L,QSA]
This HTTP to HTTPS redirect is not strictly correct, as it unconditionally prefixes the request with /es_ES/ even when a valid language code might already be present. eg. Request http://example.com/es_ES/about (HTTP) and you are redirected to https://example.com/es_ES/es_ES/about (404). etc.
The HTTP to HTTPS redirect should simply redirect to the same URL-path (resolve any other language/path issues elsewhere*1). For example, this should be written:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://example.com/$1 [R=301,L]
The QSA (Query String Append) flag is not required since the query string (if any) is passed through by default, unless you create a new query string on the substitution string (the QSA flag would then be required to append the query string from the original request).
(*1 To some extent, the preceding "workaround" resolves the missing language code.)
Strictly speaking, the language should be defaulted conditionally based on the value of the Accept-Language HTTP request header - but this is best done in PHP, not .htaccess.
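A way to check for the Referer-dependent redirect described in this answer, as an added example that is not part of the original posts: request the same URL with and without a Referer header, without following redirects, and compare. The function names and the stub `fake_fetch` (constructed to mimic the behaviour the answer describes, using example.com) are assumptions.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch_no_follow(url, referer=None):
    """GET url without following redirects; return (status, Location or None)."""
    u = urlsplit(url)
    cls = (http.client.HTTPSConnection if u.scheme == 'https'
           else http.client.HTTPConnection)
    conn = cls(u.netloc, timeout=10)
    headers = {'User-Agent': 'referer-check/1.0'}
    if referer:
        headers['Referer'] = referer
    target = (u.path or '/') + ('?' + u.query if u.query else '')
    try:
        conn.request('GET', target, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.getheader('Location')
    finally:
        conn.close()

def referer_dependent_redirect(url, referer, fetch=fetch_no_follow):
    """Compare the response to url with and without a Referer header."""
    plain = fetch(url)
    referred = fetch(url, referer)
    return {
        'plain': plain,
        'referred': referred,
        # Any difference means something server-side keys on the Referer.
        'differs': plain != referred,
        # The specific symptom from the answer: 3xx straight back to the Referer.
        'bounces_to_referer': referred[0] in REDIRECTS and referred[1] == referer,
    }

def fake_fetch(url, referer=None):
    """Constructed stand-in for a site showing the described behaviour."""
    if referer:
        return 302, referer                      # bounced back to the linking page
    return 302, 'https://example.com/es_ES/'     # normal language redirect

if __name__ == '__main__':
    print(referer_dependent_redirect(
        'https://example.com/', 'https://www.google.com/search?q=example',
        fetch=fake_fetch))
```

Run it with the default `fetch` against your own site; a result with `differs` set but nothing in .htaccess that inspects the Referer points at the application code or a front-end proxy.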

Redirect all but some specific traffic via .htaccess..?

I have a file at example.com/DesktopModules/SubscriptionSignup/Tools/IPNHandler.aspx that needs to be rewritten so that it actually runs example.com/paypal-ipn-handler.php.
All other traffic, though, should be redirected to another-example.com.
I'm using this in my .htaccess file:
# Rewrite IPNHandler.aspx to paypal-ipn-handler.php
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} ^/Tools/IPNHandler.aspx [NC]
RewriteRule ^.*$ https://www.example.com/paypal-ipn-handler.php [P]
</IfModule>
#Redirect all other traffic to new domain.
RewriteRule ^ https://www.another-example.com%{REQUEST_URI} [L,R=301]
However, that's redirected everything including the URL that should stay at this domain, but get re-written to the PHP file.
For example, with the above in place, I would expect that traffic to example.com/DesktopModules/SubscriptionSignup/Tools/IPNHandler.aspx would remain at example.com, but run the PHP script instead. This is not happening, though. It's getting redirected to another-example.com/..../IPNHandler.aspx and gives me a 404, of course.
Any information about how I can adjust this so that my rewrite works and stays on the original domain, but all other traffic gets redirected would be greatly appreciated. Thanks!
EDIT
Actually, I commented out the redirect to see if my rewrite was working, and it's actually giving me a 404, but when I hit the paypal-ipn-handler.php directly I get the output I expect.
So it seems I need more help than I thought, please, and thanks!
You may use these rules in your site root .htaccess:
RewriteEngine On
RewriteRule Tools/IPNHandler\.aspx$ /paypal-ipn-handler.php [L,NC]
#Redirect all other traffic to new domain.
RewriteRule !^paypal-ipn-handler\.php$ https://www.another-example.com%{REQUEST_URI} [L,NC,NE,R=301]
There is no need to use P flag here as you just want an internal rewrite.
Condition !^paypal-ipn-handler\.php$ will redirect everything except /paypal-ipn-handler.php.
Make sure to use a new browser to test or test after you completely clear browser cache.

.htaccess Redirect from sub.domain.com.au* to www.domain.com.au/URL

I am attempting to redirect a development site that has been indexed by search engines to a specific category in the new live site.
The development site URL was:
http://staging.mydomain.com.au/
There are multiple page url's after the domain so I'd like to redirect all of these to the same new URL.
E.g.
http://staging.mydomain.com.au/essential_grid/
http://staging.mydomain.com.au/feed/
The new url is, where "/portfolio/" is where I need the old URLs redirected to:
http://www.mydomain.com.au/portfolio/
While I'm not receiving any error messages, staging.mydomain.com.au is
not redirecting to www.mydomain.com.au/portfolio/
This is a snippet of what I have in my .htaccess file at present:
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^staging.mydomain.com.au$
RewriteRule ^(.*)$ http://www.mydomain.com.au/portfolio [R=301,L]
</IfModule>
Any help would be greatly appreciated.
UPDATE: It seems (from comments) that staging. no longer exists - that's the problem! staging. needs to exist (ie. the DNS must resolve) so that the request gets to your server in order to do the redirect. If staging. does not exist then the initial request will simply fail (the browser will fail to lookup the domain and you'll get a DNS error).
You need to recreate the staging subdomain (even with no files) and then implement the redirect below.
Your RewriteRule actually looks OK - assuming you are wanting to redirect all those URLs to the single /portfolio URL. However, the order should perhaps be changed to have the redirect before the internal rewrite. RewriteEngine only needs to be included once and you don't need RewriteBase in the code you have posted. So, this should be rewritten as:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^staging\.mydomain\.com\.au$
RewriteRule ^ http://www.mydomain.com.au/portfolio [R=301,L]
^(.*)$ is reduced to simply ^ since you don't need to capture the URL for a backreference in the substitution.
I've also removed the other RewriteRule as it doesn't appear to be doing anything?
Also note that 301 redirects are cached by the browser, so make sure that you clear your browser cache between failed attempts. It can be easier to test with 302 temporary redirects for this reason.

Redirecting URL requests with wildcard in URL?

Apparently a ton of bots are hammering my site with requests that look like this:
www.domain.com/?16322150=856677556
www.domain.com/?1507558478=1959488868
www.domain.com/?1003637363=132097965
www.domain.com/?647628023=904035481
Any way I could effectively redirect these requests with .htaccess? Maybe redirect them back to themselves?
We've tried Cloudflare and Intreppid, but they are claiming that we have HTTPD or MySQL exploits that aren't addressed. Any insight?
Well, you could try to do something like this to prevent your scripts from being interpreted by apache (saves maybe a little bit of resources):
RewriteEngine On
RewriteCond %{QUERY_STRING} ^[0-9]+=[0-9]+$
RewriteRule ^ http://%{REMOTE_ADDR}/ [L,R=301]
in the htaccess file in your document root.
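To confirm from the access log that the junk requests discussed on this page (the payday/leasehold-loans paths and the numeric-only query strings) are being answered by Apache itself, the following added example, not taken from any of the original posts, tallies them by status code and client IP. It assumes Combined Log Format; the sample lines are constructed and the function names are illustrative.

```python
import re
from collections import Counter

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+')
# Same patterns as the RewriteRule / RewriteCond lines on this page.
SPAM_PATH = re.compile(r'(?:payday|leasehold)-loans')
NUMERIC_QS = re.compile(r'^[0-9]+=[0-9]+$')

def classify(target):
    """Return 'spam-path', 'numeric-query' or None for a request target."""
    path, _, query = target.partition('?')
    if SPAM_PATH.search(path):
        return 'spam-path'
    if NUMERIC_QS.match(query):
        return 'numeric-query'
    return None

def triage(lines):
    """Count junk requests by (kind, status) and by client IP."""
    by_status, by_ip = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        kind = classify(m['target']) if m else None
        if kind:
            by_status[(kind, m['status'])] += 1
            by_ip[m['ip']] += 1
    return by_status, by_ip

def not_blocked(by_status, expected='403'):
    """Junk requests that did not get the status the block rule should return."""
    return {k: n for k, n in by_status.items() if k[1] != expected}

# Constructed sample lines (documentation IP ranges), not from a real log.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /payday-loans HTTP/1.1" 403 199 "https://www.google.com/" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /leasehold-loans/apply HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:00:03 +0000] "GET /?16322150=856677556 HTTP/1.1" 200 8042 "-" "bot"',
    '192.0.2.44 - - [10/Mar/2024:10:00:04 +0000] "GET /node/12?page=2 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    by_status, by_ip = triage(SAMPLE)
    print(not_blocked(by_status))   # junk that still reached another handler
    print(by_ip.most_common(5))     # noisiest clients
```

With the [F] rule in place, every matching request should show status 403; a 200 or a CMS-generated 404 means the request still reached PHP.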

How do I do a .htaccess rewrite that masks the forwarded URL?

I have a url that is www.blahblah.com/something
That is a remote service, I don't have anything to do with it.
How can I use .htaccess on my own server and rewrite from www.myurl.com so that the content displayed is all www.blahblah.com/something, but the address bar still reads www.myurl.com
No, this is not possible with foreign urls.
You can, however, do this locally. For example, look at this htaccess file:
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteRule ^some/test/url$ index.php?some=test&or=url [L]
In this scenario, if you visit www.myurl.com/some/test/url it will show as such on the browser, but your server will actually be running index.php in your document root with the parameters some=test&or=url.
This is only possible for scripts running on your server. You cannot do this on another server/domain. If you try this (eg, by changing index.php?some=test&or=url in the example above to http://www.blahblah.com/something), then apache will just redirect the browser to that url.
htaccess (Apache) makes the connection to the user, and the user is expecting a response from YOUR server. If you try to load content from another server, Apache would have to make that connection, load the resulting HTML or whatever, and pass it back to you. But this gets messy, especially when you get into cookies, SSL, javascript, etc.
My question is: why do you actually need this? I'm not sure I understand why it is a problem if the user's url changes. If it's a service you have no control over, why is it so bad to just send them to it?
You might want to research more about cache servers, or using PHP to make the HTTP call to the server you want and "pass through" the content, assuming you know beyond a doubt there will be no issues with cookies or SSL or whatever. But again, why not just send them to the proper URL?
Try this:
RewriteCond %{HTTP_HOST} ^DomainA.com
RewriteRule ^(.*) http://DomainB.com/$1 [P]
It works for me.
Source: http://www.inmotionhosting.com/support/website/htaccess/redirect-without-changing-url
mod_rewrite is the right way.
Make sure mod_rewrite is activated in your Apache configuration.
Add to the .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.blahblah\.com$ [NC]
RewriteRule ^(.*)$ http://www.myurl.com/$1 [R=301,L]
RewriteCond defines the condition. In this case if the http_Host is www.blahblah.com
RewriteRule defines what to do. In this case forward to your target domain. $1 is the rest of your URL
You can find more details here: http://httpd.apache.org/docs/current/mod/mod_rewrite.html
