I'm getting tons of requests on my site based on an old url (get variable) structure. Its not something humans follow, so instead of redirecting it I want to block it so it uses almost 0 resources from server.
If the url contains something like thewebsite.com/?s=bla&some_variable=1 I want to block it with prejuduce!
This is what I have but it does not seem to work.
<FilesMatch "some_variable=1$">
order allow,deny
deny from all
</FilesMatch>
What am I doing wrong here?
You could parse query string with mod_rewrite and QUERY_STRING.
You can put this code in your root htaccess
RewriteEngine On
RewriteCond %{QUERY_STRING} some_variable=1 [NC]
RewriteRule ^ - [F]
Note: don't forget to check if mod_rewrite is enabled
Related
Start by explaining what I'm trying to do:
I've got different pages on my website. Some pages have the same templates so I create one page with parameters to adapt my page: Parameters are called pageview and lang the URL looks like this:
http://mywebsite/home/en <- http://mywebsite/index.php?pageview=home&lang=en
http://mywebsite/page2/fr <- http://mywebsite/index.php?pageview=page2&lang=fr
for example. To dot that, I use the famous .htaccess file and it module rewrite_module for Apache.
I've got also a contact page with a different template. It URL looks like this and here there is only one parameter:
http://mywebsite/contact/fr <- http://mywebsite/contact.php?lang=fr
http://mywebsite/contact/en <- http://mywebsite/contact.php?lang=en
Here is my .htaccess code:
RewriteEngine On
RewriteRule ^contact/([a-zA-Z0-9]+)/?$ contact.php?lang=$1
RewriteRule ^([a-zA-Z0-9]+)$ index.php?pageview=$1 [QSA]
RewriteRule ^([a-zA-Z0-9]+)/([a-zA-Z0-9]+)/?$ index.php?pageview=$1&lang=$2 [QSA]
The problem is that .htaccess file work for the index.php but not for contact.php
I can fully access to contact.php but the parameter is not detected
Thanks for your help 😀😀 !
EDIT
If I remove index parts to stay only the contact rewriteRule's the problem stay there.
contact.php and index.php are in the root folder
RewriteRule ^contact/([a-zA-Z0-9]+)/?$ contact.php?lang=$1
It looks like you may have a conflict with MultiViews. If MultiViews is enabled then mod_negotiation will rewrite a request for /contact/fr to /contact.php (without any parameters) before mod_rewrite is able to process the request.
Try disabling MultiViews at the top of your .htaccess file:
Options -MultiViews
I want block some paths and file types in htaccess.
I have regex like this: \/(libs|public)\/(.*).*\.(css|js|jpe?g|png|bmp|ttf) which works well at test server https://regex101.com/
for my example string: /libs/test/any.css?number=123.
When I move my condition into htaccess my example string is allowed. But it must be blocked with 403 because is started with libs string.
<If "%{REQUEST_URI} =~ m#^/(libs|public)/(.*).*\.(css|js|jpe?g|png|bmp|ttf)#">
order allow,deny
deny from all
satisfy all
</If>
because I want to block paths started in my condition (libs|public).
This request /allowedfiles/libs/test/any.css?number=123 must not be blocked.
Please help what am I dooing wrong?
Try with below, it requires mod_rewrite.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^$
RewriteCond %{REQUEST_URI} ^\/(libs|public)\/(.*).*\.(css|js|jpe?g|png|bmp|ttf)$
RewriteRule ^ - [F]
I have jpg urls like these:
http://domain.com/members/content/upload/temp/1600watermarked/photo.jpg
http://domain.com/members/content/upload/test-123/1200watermarked/photo.jpg
http://domain.com/members/content/upload/random/1800watermarked/photo.jpg
In the folder content I have an htaccess file with this in there:
<FilesMatch /watermarked/.*>
Order Allow,Deny
Deny from all
</FilesMatch>
But that doesn't seem to work in blocking any jpg urls with the word "watermarked" in them. Any suggestions?
Well after some more experimenting I got this:
RewriteCond %{REQUEST_URI} ^(.*)watermarked(.*)$
RewriteRule ^(.*)$ http://domain.com/forbidden.htm [R=301,L]
It's not exactly a forbidden error but it works better in my case since I can redirect them to a page to upgrade their accounts to see the blocked content.
Something is continually hammering my website adding PLACEIMPMACROHERE to the end of URLs. I am not sure what it is, but it doesn't look good. So I'd like to thwart it if possible.
'Place IMP Macro Here' as if it's some bot/flooding script and it hasn't been configured yet.
How could I block any URL ending in PLACEIMPMACROHERE, it appears as if it's a folder. It hits like this:
www.website.com/directory/another-directory/PLACEIMPMACROHERE
Or anywhere, not always the same location, sometimes:
www.website.com/directory/PLACEIMPMACROHERE
I tried this but with no success
RewriteCond %{THE_REQUEST} PLACEIMPMACROHERE [NC]
RewriteRule .* - [F]
Does anyone see where that's going wrong or is it entirely wrong?
I agree with Jon Lin, your mod_rewriting should work, though it could be simplified:
RewriteRule PLACEIMPMACROHERE - [F]
That said, I'd suggest you use the FilesMatch directive:
<FilesMatch "PLACEIMPMACROHERE$">
order allow,deny
deny from all
</FilesMatch>
I believe it's less resource-intensive, and also less complex.
The rule that you have should work, it simply checks for that phrase anywhere in the request, and not just at the end. You can do that by adding another character as a check, also make sure that rule is before any other ones you have and is in the htaccess file in your document root:
RewriteCond %{THE_REQUEST} PLACEIMPMACROHERE($|\ |\?) [NC]
RewriteRule .* - [F]
Oh, also make sure you turned on the rewrite engine:
RewriteEngine
somewhere near the top of your htaccess file.
I wonder if I can deny accessing http://domain.tld/index.php and allow only http://domain.tld/index.php?var=val
Is this possible with a rewritecond and rewriterule? I cannot figure this out. Any help?
Thanks!
Yes it is possible. The trick to use a condition to check the query string, using this in your docroot .htaccess file which allows you to forbid access to index.php unless the variable var is set:
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !\bvar=
RewriteRule index.php - [F]
Does it have to be a rewrite rule? If it's a PHP script, you could detect the absence of the required parameters and just return an appropriate HTTP header to deny access.