I am trying to use the .htaccess file to block what appear to be malicious requests to my project. I have some RewriteCond
to block by User Agent but I now want to take care of requests that contain a path that begins with .
or _
.
As an example, I want to block these: https://my.project.url/.web
https://my.project.url/_backup
But I want to allow these: https://my/api/version/current_product
https://my.project.url/something.php
I have some expressions that block requests to common endpoints: RewriteRule ^.*wp-admin - [NC,F]
but don't know how to start to modifying that to block the new spam requests.
Here is what I came up with, and it works for my use case: RewriteRule (.*\\/\\.|.*\\/_) - [NC,F]
To translate: If there is any part of the path containing /.
or /_
then the request is forbidden.
RewriteRule .*/[\._].* - [F]
That's a bit easier to read. The NC is not needed since neither . or _ have a case, and everything else is a wildcard.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.