Is there a .htacces way to block all request starting with exactly /index.php?action=
?
I figured out:
RewriteCond %{QUERY_STRING} \baction=\b [NC]
RewriteRule ^ - [F]
But how do I put the part /index.php?
in front of that pattern. I tried a lot, but it didn't work and only this part of the pattern also blocks &action= parameters somewhere else in a URL
Hope you can help. Many thanks in advance, Nico
CodePudding user response:
You can use THE_REQUEST
variable to match full URL and block it like this:
RewriteCond %{THE_REQUEST} /index\.php\?action= [NC]
RewriteRule ^ - [F]
CodePudding user response:
RewriteCond %{QUERY_STRING} \baction=\b [NC] RewriteRule ^ - [F]
But how do I put the part /index.php? in front of that pattern.
The RewriteRule
pattern (ie. ^
in your example) matches the URL-path part of the URL (less the slash prefix). So, you can do it like this:
RewriteCond %{QUERY_STRING} ^action= [NC]
RewriteRule ^index\.php$ - [NC,F]
This matches any request that starts /index.php?action=
(case-insensitive).
The regex you had initially (ie. ^
) is successful for everything, so would match any URL that starts /<anything>?action=
.
The difference between this approach and checking against THE_REQUEST
(as in @anubhava's answer) is that this will also block requests that have been internally rewritten to /index.php?action=
, whereas THE_REQUEST
will only block direct requests from the client.