问题
I have a site that is getting hit by users hitting variations of this URL /index.php?s=
I am trying to block all requests to the following string which should get rid of all the spammers php?s=
The problem I seem to be having is the ? and = in the htaccess file are protected characters and I just can't get the syntax correct. How can I use php?s= in the following scenarios?
I have tried
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_URI} ^.(*php?s=).* [NC] RewriteRule ^(.*)$ - [F,L] </IfModule>
and
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^.*php?s=$1&%{QUERY_STRING}.* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
and
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{THE_REQUEST} ^.*(php?s=$1&%{QUERY_STRING}).* [NC] RewriteRule ^(.*)$ - [F,L] </IfModule>
But nothing works. Help please!
回答1:
try
#all .php requests with s= in querystring
RewriteCond %{REQUEST_URI} ^.+\.php$ [NC]
RewriteCond %{QUERY_STRING} ^s=.*$ [NC]
RewriteRule . - [F,L]
If you want to prevent s= in any querystring location replace the 2nd rewritecond above with
#block s= in any location
RewriteCond %{QUERY_STRING} ^(.*&)?s=.*$ [NC]
回答2:
You can also try blocking them before they get to the point of executing anything
.htaccess example
来源:https://stackoverflow.com/questions/8236341/blocking-bad-requests-with-htaccess-file