Apparently a ton of bots are hammering my site with requests that look like this:
www.domain.com/?16322150=856677556
www.domain.com/?1507558478=1959488868
www.domain.com/?1003637363=132097965
www.domain.com/?647628023=904035481
Anyway I could effectively redirect these requests with .htaccess? Maybe redirect them back to themselves?
We've tried Cloudflare and Intreppid, but they are claiming that we have HTTPD or Mysql exploits that aren't addressed. Any insight?
Well, you could try to do something like this to prevent your scripts from being interpreted by apache (saves maybe a little bit of resources):
RewriteEngine On
RewriteCond %{QUERY_STRING} ^[0-9]+=[0-9]+$
RewriteRule ^ http://%{REMOTE_ADDR}/ [L,R=301]
in the htaccess file in your document root.
Related
Can you filter/inspect POST method/requests with htaccess
For example, if you want to filter a $_GET variable with htaccess to redirect if a pattern is matched, it would look like this:
RewriteCond %{QUERY_STRING} <script> [NC]
RewriteRule .*$ /mylogPage.php? [L,R=301]
Can you do a similar filter for $_POST variables?
I have tried many variations including an attempt to modify mod_security through htaccess. I assume in htaccess it will have something to do with:
RewriteCond %{REQUEST_METHOD} POST.
I have tried
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} <script> [NC]
RewriteRule .*$ /mylogPage.php? [L,R=301]
But it only redirected the page
If this should be done through mod_security, can one edit mod security through htaccess? What would the syntax look like? I have tried but was not successful.
I have done research and spoke to my hosting company as well.
If you are on shared hosting, all domains on the same server share the same settings for mod_security,so it is not possible to access and/or edit mod_security through htaccess. If that was possible, you would modify mod_security to affect all website on the server. On shared hosting it is only possible to inspect $_GET variables through htaccess.
In case you are on shared facilitating, all spaces on a similar worker share similar settings for mod_security, so it is absurd to expect to get to or potentially alter mod_security through htaccess. In case that was conceivable, you would change mod_security to influence all site on the worker. On shared facilitating it is simply conceivable to review $_GET factors through htaccess.
I've been looking for this solution but can't get it anywhere.
I have a website (shop) with SSL set up on it, working fine except in the area where customers would get an URL to the file they just purchased.
So, my working url to a download file should look something like this:
https://www.mywebsite.com/index.php?eddfile=123456etc
But the files only work if you browse them without HTTPS prefix:
http://www.mywebsite.com/index.php?eddfile=123456etc
So what I need is just to remove the https from these URLs that start with:
https://www.mywebsite.com/index.php?eddfile
And redirect them to the same URLs but without https prefix rather with regular prefix:
http://www.mywebsite.com/index.php?eddfile
Note: this is not a regular https to http (or vice versa) redirection for which I found answers here - Although this should be a simple .htaccess redirection, I need to make sure that this only happens to the urls that are beginning as described above
I tried to do something like this:
RewriteEngine On
RewriteCond %{REQUEST_URI} eddfile
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]]
But no success with that
As Martin suggests in comments, the real solution would be to fix why your HTTPS URL does "not work". (But also, why not just link directly to the HTTP URL if that "works"?)
Anyway, to answer your specific question... try the following near the top of your .htaccess file instead:
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{QUERY_STRING} ^eddfile=.
RewriteRule ^index\.php$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L]
This is only a "temporary" (302) redirect, since this is only a "temporary" fix.
eddfile is part of the query string, not the URL-path. The query string is automatically passed through to the substitution, providing you don't provide a query string.
Since you say the HTTP URL "works" then I assume you don't have an HTTP to HTTPS redirect?? Otherwise, you would need to include an exception with this redirect in order to avoid a redirect loop.
I'm new at programming. We have an office project, the website's URL is www.project.com.ph (sample name), this is already a live website from the client. But the released printouts have the instructions for the users to go to www.project.com/ph which is wrong and we can't reprint the material since it already reached plenty of event places.
Now the problem is, we need to redirect to www.project.com.ph automatically if the users type in the browser's address bar www.project.com/ph. I ask if this is possible without any kind of CMS or Wordpress and how to actually do it? We bought a new domain www.project.com for this. Any kind of help is appreciated.
Try the following near the top of your .htaccess file in the root of www.project.com. This works OK (although marginally less efficient) if both domains are pointing to the same place, since it specifically checks that we are requesting the "wrong" domain:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?project\.com$ [NC]
RewriteRule ^ph/?(.*) http://www.project.com.ph/$1 [NC,R=302,L]
This will redirect requests for www.project.com/ph (no slash), www.project.com/ph/ (with a trailing slash) and www.project.com/ph/<whatever> to http://www.project.com.ph/<whatever>.
This is a temporary (302) redirect. Change it to a permanent (301) only when you are sure it's working OK.
From kj.'s answer on a similar question, here
In your .htaccess for www.project.com, this should do the trick.
RewriteEngine on
RewriteRule ^(.*)$ http://www.project.com.ph/ [R=permanent,NC,L]
This will redirect any request to project.com to the domain http://www.project.com.ph/
To include the path after the /ph/` you can use this.
RewriteEngine on
# redirect including path after ph/ (e.g. project.com/ph/directory/file.php to project.com.ph/directory/file.php
RewriteRule ^ph/(.*)$ http://www.project.com.ph/$1 [R=permanent,NC,L]
# redirect any other requests to project.com.ph index
RewriteRule ^(.*)$ http://www.project.com.ph/ [R=permanent,NC,L]
You can redirect (301 redirect) the URL using RewritrRule in .htaccess file
RewriteRule "http://www.project.com/ph/(.*)" "http://www.project.com.ph/$1" [L,NC,R=301]
One of my Drupal servers was recently hacked. Although it's clean now, I get lots of Google traffic for /payday-loans and /leasehold-loans
and similar. They have generated enough traffic to slowdown my website and especially mysql. What is the correct code for .htaccess to redirect (or just stop) all URIs containing payday or loans? I'd like to handle these requests at the apache level--prior to PHP and mysql processing them.
Try adding this above any rewrite rules that you may already have:
RewriteEngine On
RewriteRule (?:payday|leasehold)-loans - [L,F]
This will return a 403 forbidden, but you may want to redirect to something else instead.
RewriteEngine On
RewriteRule (?:payday|leasehold)-loans https://google.com/ [L,R=301]
This redirects any request with payday/leasehold-loans to google, or you can just 404 it:
RewriteEngine On
RewriteRule (?:payday|leasehold)-loans - [L,R=404]
I have a url that is www.blahblah.com/something
That is a remote service, I don't have anything to do with it.
How can I use .htaccess on my own server and rewrite from www.myurl.com so that the content displayed is all www.blahblah.com/something, but the address bar still reads www.myurl.com
No, this is not possible with foreign urls.
You can, however, do this locally. For example, look at this htaccess file:
RewriteEngine On
Options +FollowSymlinks
RewriteBase /
RewriteRule ^some/test/url$ index.php?some=test&or=url [L]
In this scenario, if you visit www.myurl.com/some/test/url it will show as such on the browser, but your server will actually be running index.php in your document root with the parameters some=test&or=url.
This is only possible for scripts running on your server. You cannot do this on another server/domain. If you try this (eg, by changing index.php?some=test&or=url in the example above to http://www.blahblah.com/something), then apache will just redirect the browser to that url.
htaccess (Apache) makes the connection to the user, and the user is expecting a response from YOUR server. If you try to load content from another server, Apache would have to make that connection, load the resulting HTML or whatever, and pass it back to you. But this gets messy, especially when you get into cookies, SSL, javascript, etc.
My question is: why do you actually need this? I'm not sure I understand why it is a problem if the user's url changes. If it's a service you have no control over, why is it so bad to just send them to it?
You might want to research more about cache servers, or using PHP to to make the http call to the server you want and "pass through" the content, assuming you know beyond a doubt there will be no issues with cookies or SSL or whatever. But again, why not just send them to the proper URL?
Try this:
RewriteCond %{HTTP_HOST} ^DomainA.com
RewriteRule ^(.*) http://DomainB.com/$1 [P]
It works for me.
Source: http://www.inmotionhosting.com/support/website/htaccess/redirect-without-changing-url
mod_rewrite is the right way.
Make sure it is mod_rewrite is activated in our apache conifiguration.
add to the .htaccess
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.blahblah\.com$ [NC]
RewriteRule ^(.*)$ http://www.myurl.com/$1 [R=301,L]
RewriteCond defines the condition. In this case if the http_Host is www.blahblah.com
RewriteRule defines what to do. In this case forward to your target domain. $1 is the rest of your URL
More Details you can find here: http://httpd.apache.org/docs/current/mod/mod_rewrite.html