.htaccess to restrict bot activity - .htaccess

I have a bot that is trying to access my site by entering what appear to be keywords or passcodes. The entries come from dozens of different IPs and locations, so I can't block via IP, location, or referrer.
The bot attempts to visit a page like this:
http://www.website.com/valid-page/?kwd=du2c3m
Always in this format and the 'valid-page' is always the same page. I get as many as 400 of these attempts a day, and have been getting them for over a week.
My question is, how can I use .htaccess to block these attempts? I'm sure it's relatively straightforward - like blocking all '?kwd' urls or blocking all subdirectories of the 'valid-page'
Any thoughts? I really appreciate it.

What's unique that these bots are doing that normal humans browsing your site aren't doing? If it's a matter of a user-agent (should be in your access logs), then block that user-agent:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} the_bot_useragent
RewriteRule ^ - [L,F]
If it's a matter of the weird query string, then block that query string:
RewriteEngine On
RewriteCond %{QUERY_STRING} kwd=
RewriteRule ^ - [L,F]
If it's a matter of all the bots originating from an IP or a subnet:
Deny 123.45.67
# or
Deny 123.123.123.123

Related

Block specific url with ? with htacess

Firstly, I can't get the correct code looking at other post here, not working for me hahahaha.
I would like to block this specific url: /2017/06/wonder-womannuestra-princesa-feminista.html?m=1 (Related to an old blogger url)
Don't know why but different ips, without referrer and user agent, are spamming (not a real visit cause after a redirection to the new one on WordPress they visit all the links in the url) my site always entering by this url and I would like to block ONLY this one.
I've tried to redirect this one with Redirection plugin but I have a redirection to all "?m=(*)" and this one is the one working, not the one related to the specific url.
I just used : RewriteCond %{REQUEST_URI} ^/2017/06/wonder-womannuestra-princesa-feminista.html?m=1 but it doesn't work.
Could you help, I think the problem is that I'm not witting the correct code due to the "?" character. Many thanks.
With your shown samples, attempts considering that you need to block url(mentioned in comments/question), if this is the case then try following. This rule will forbid this specific url from being accessed.
Please these rules at top of your .htaccess file. Make sure to clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteCond %{THE_REQUEST} \s/2017/06/wonder-womannuestra-princesa-feminista\.html\?m=1 [NC]
RewriteRule ^ - [F,L]

htaccess: act as if files were in another directory, but RewriteRules seem to be mutually exclusive

For files in several subdirectories of /data/, I would like to treat them (and the files inside them) as if they were in the root directory.
So,
1) a request to
/data/foobar/file.png
should redirect the browser to
/foobar/file.png
2) any requests to
/foobar/file.png
should respectively deliver the file /data/foobar/file.png, but without redirection.
For 1) I got the following rule working
:
RewriteCond %{REQUEST_URI} ^(.*)?data/((foobar|and|some|other|subdirs)/.*)$
RewriteRule .* %1%2 [R=301,L,qsappend]
(I took this approach usind a RewriteCond with %x references in order to be subdirectory-agnostic, as in my dev environment the page is located in a subdirectory as opposed to the live system where it's in the root of the domain.)
And for 2) the following rule does the trick:
RewriteRule ^((foobar|and|some|other|subdirs)/.*)$ data/$1 [L,qsappend]
However, these rules only work if I enable one at a time. If I enable both of them at the same time, the browser will abort the request with a "too many redirects" error. The redirect from /data/* to /* will work, but then end in the aborted request just the same as calling the URL without /data/*.
I'm having a hard time understanding why this is happening. It would be totally logical if both rules actually triggered a redirect. But as far as my understanding of htacccess goes (and the Network tab of the dev console seems to confirm that conception), the client shouldn't even know for case 2) that the file is not actually there. So why does this apparently still count towards the redirection limit?
Is there something fundamental I'm missing? And how can I achieve what I'm trying to achieve?
This is because you first redirect and then rewrite the same Uri . Your second rule is conflicting with with the first one.
You need to match against %{THE_REQUEST} instead of %{REQUEST_URI} to avoid the redirect loop
RewriteCond %{THE_REQUEST} \s(.*)?data/((foobar|and|some|other|subdirs)/.*)\s
RewriteRule .* %1%2 [R=301,L,qsappend]
RewriteRule ^((foobar|and|some|other|subdirs)/.*)$ data/$1 [L,qsappend]

How prevent unhautorized access to file with htaccess

how i can:
ALLOW access to file from website
AND
DENY access to file from all which external to website
Using HTACCESS ?
For example website is stored in a webspace associated to domain: xxx.xx.
Inside a webpage i have a link as:
LINK
And:
Clicking on LINK then start video correctly
BUT
Typing from url (for example): http://www.xxx.xx/video/example.mp4 need return error 403 (denied access) blocking so playing and/or download of file: example.mp4
Thanks for help.
Since it is not easy to write a rule in comments, I am providing a rule which blocks access to a mp4 file based on HTTP_REFERER header value:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?xxx\.xx/ [NC]
RewriteRule ^video/example\.mp4$ - [F,NC]
However keep in mind that clients can spoof HTTP_REFERER header.

htaccess redirect of root domain, not subfolders with url masking

I am trying to do the following -
Redirect just the root domain to a different domain.
The redirect needs to be masked so the user still thinks they are on the url they typed.
Existing subfolders should still work with the existing root domain.
For example-
I have an installation using www.currentsite.com which has lots of subfolders for example www.currentsite.com/store
I want to redirect just the root of www.currentsite.com to www.newsite.com but want the browser to still say www.currentsite.com.
If the user goes to www.currentsite.com/subfolder I still want that to work with the original installation.
I have the following which seems to be handling redirecting just the root fine but does not mask the url...
RewriteEngine on
RewriteCond %{HTTP_HOST} www.currentsite\.com [NC]
RewriteCond %{REQUEST_URI} ^/$
Rewriterule ^(.*)$ http://www.newsite.co.uk/ [L,R=301]
Any help id appreciated.
For what you call "masked" the usage of apaches proxy module makes most sense:
ProxyPass https://www.currentsite.com https://www.newsite.co.uk
ProxyPassReverse https://www.currentsite.com https://www.newsite.co.uk
It maps one base url to another one and takes care to transparently and reliably rewrite all contained references.
The proxy module can also be used by RewriteRules, the P flag does that. But in the end it comes out itself and the above, direct usage is more transparent and less complex.
Here is the documentation, as typical for the apache project it is of excellent quality and comes with lots of good examples: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

Htaccess - Detecting the URL

For my family members I was giving each person their own subdomain
(sister1.mydomain.com, sister2.mydomain.com, etc...)
I was using PHP to detect the domain, and then I'd load information related to the subdomain dynamically.
I'd like to get rid of the subdomains and use the power of .htaccess
My goal is to give the same URL:
www.mydomain.com/sister1
www.mydomain.com/sister2
www.mydomain.com/mommy
www.mydomain.com/daddyo
Obviously, I don't plan to have literal working directories for each person.
I'd pass the "sister1" portion to a process.php script that takes care of the rest.
I've figure out how to do it by manually typing each RewriteRule in my htaccess file:
Options +FollowSymLinks
AddDefaultCharset UTF-8
RewriteEngine on
RewriteBase /
RewriteRule ^/?sister1$ process.php?entity=sister1 [L]
RewriteRule ^/?sister2$ process.php?entity=sister2[L]
RewriteRule ^/?mommy$ process.php?entity=mommy[L]
RewriteRule ^/?daddyo$ process.php?entity=daddyo[L]
I feel this is the long way of doing it.
Is there a more universal way of extracting the text after the first "/" forwardslash, and passing it to process.php?entity=$1 ?
I tried it this way:
RewriteRule ^/([A-Za-z0-9-]+)/?$ process.php?entity=$1 [NC,L]
I'm getting the apache 404 error: "Not Found".
It is because you have a mandatory / in the beginning of your rule, i.e., you are always looking for something like /sibling in the URL. Your first examples have that first forward slash as optional due to the question mark after it.
You do not need a beginning forward slash - normally the rewrite rule picks up stuff after the domain name
www.example.com/string/mod/rewrite/gets/is.here
So just remove the starting slash and it should work.

Resources