Regex .htaccess block requests where the uri starts with a period or underscore
Question
I am trying to use the .htaccess file to block what appear to be malicious requests to my project. I have some RewriteCond to block by User Agent but I now want to take care of requests that contain a path that begins with . or _ .
As an example, I want to block these: https://my.project.url/.web https://my.project.url/_backup
But I want to allow these: https://my/api/version/current_product https://my.project.url/something.php
I have some expressions that block requests to common endpoints: RewriteRule ^.*wp-admin - [NC,F] but don't know how to start to modifying that to block the new spam requests.
2 answers
solution1
1 2015-10-06 18:05:30
Here is what I came up with, and it works for my use case: RewriteRule (.*\\/\\.|.*\\/_) - [NC,F]
To translate: If there is any part of the path containing /. or /_ then the request is forbidden.
solution2
1 ACCPTED 2015-10-06 18:11:58
RewriteRule .*/[\._].* - [F]
That's a bit easier to read. The NC is not needed since neither . or _ have a case, and everything else is a wildcard.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.