How set rule in .htaccess when QUERY ?random_letters_numbers=abracadabra

Time:08-02

My site is under attack. In the logs I have random queries on the main page:

IP - - [DATE] "GET /?random_letters_numbers=abracadabra HTTP/1.1" 

How can I block this query on the main page only, and not block utm_tags?

I set this rule in .htaccess:

RewriteCond %{QUERY_STRING} ^(?).{1,10}=.*$
RewriteRule .* - [R=503,L]

but this code works on utm tags too and blocks them.

?utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test

Logs:

"GET /?CEosEj=BTC5fK HTTP/1.1"
"GET /?TZJWAv=fSbz0W HTTP/1.1"
"GET /?rLp5Fy=mH3Sro HTTP/1.1"

IP - - [02/Aug/2022:10:37:53 +0300] "GET /?vKcMMM=ZtMbVV HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?sQv4E1=faF26B HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Linux; Android 10; SM-G970F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Mobile Safari/537.36 OPR/63.3.3216.58675"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?1cPe0W=cN2HQC HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?fWF6uH=HQtAfD HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Vivaldi/4.3"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?3YPAHg=EsvwFq HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"

CodePudding user response:

How can I block this query on the main page only, and not block utm_tags?

You can use this rule:

RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+= [NC]
RewriteRule ^$ - [F]

Here:

  • RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+=: Makes sure query string is not utm_...=... or v=...
  • RewriteRule ^$: Matches landing page only
  • [F]: Sends back HTTP status 403 (forbidden) to clients

Here is RegEx Demo

CodePudding user response:

With your shown samples, please try the following htaccess rules. These rules will check if a query string is NOT exactly matching the value: utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test and then block that URL.

Here is the Online demo for used regex in htaccess rules.

RewriteCond %{QUERY_STRING} !^utm_source=wnc_[^&]*&utm_medium=[^&]*&utm_campaign=wnc_[^&]*&utm_content=\S+$ [NC]
RewriteCond %{QUERY_STRING} !^v=[0-9]+(\.[0-9]+)? [NC]
RewriteRule ^/?$ - [F]
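
An added example, not part of either answer: a Python model of the rules from both answers, run over request lines from the logs above plus a few constructed ones, to show which requests each rule set would answer with 403. It assumes the .htaccess file sits in the document root (so `^$` and `^/?$` mean the path `/`); the function names are made up for the example.

```python
import re

# Answer 1: one RewriteCond; forbid when any parameter name is not v or utm_*.
ANSWER1 = re.compile(r"(^|&)(?!(v|utm_[^=]+)=)[^=]+=", re.I)          # [NC]
# Answer 2: two negated RewriteConds; forbid unless one of these shapes matches.
ANSWER2_UTM = re.compile(r"^utm_source=wnc_[^&]*&utm_medium=[^&]*"
                         r"&utm_campaign=wnc_[^&]*&utm_content=\S+$", re.I)
ANSWER2_V = re.compile(r"^v=[0-9]+(\.[0-9]+)?", re.I)


def split_target(request_line):
    """Return (path, query) for a logged request line such as 'GET /?a=b HTTP/1.1'."""
    path, _, query = request_line.split()[1].partition("?")
    return path, query


def answer1_blocks(path, query):
    # Assumption: .htaccess is in the document root, so "^$" means the path "/".
    return path == "/" and ANSWER1.search(query) is not None


def answer2_blocks(path, query):
    # Consecutive RewriteCond lines are ANDed: both patterns must fail to match.
    return (path == "/" and ANSWER2_UTM.search(query) is None
            and ANSWER2_V.search(query) is None)


SAMPLES = [
    "GET /?CEosEj=BTC5fK HTTP/1.1",                        # from the logs above
    "GET /?vKcMMM=ZtMbVV HTTP/1.1",                        # from the logs above
    "GET /?utm_source=wnc_10030322&utm_medium=gamma"
    "&utm_campaign=wnc_10030322&utm_content=test HTTP/1.1",  # UTM link from the question
    "GET /?utm_source=wnc_1&CEosEj=BTC5fK HTTP/1.1",       # constructed: UTM plus random key
    "GET /?v=1.2 HTTP/1.1",                                # constructed
    "GET / HTTP/1.1",                                      # constructed: empty query string
    "GET /page?CEosEj=BTC5fK HTTP/1.1",                    # constructed: not the main page
]


def verdicts(lines=SAMPLES):
    """Return (request line, blocked by answer 1, blocked by answer 2) per line."""
    return [(l, answer1_blocks(*split_target(l)), answer2_blocks(*split_target(l)))
            for l in lines]


if __name__ == "__main__":
    for line, a1, a2 in verdicts():
        print(f"answer1={'403' if a1 else 'ok':<3} answer2={'403' if a2 else 'ok':<3} {line}")
```

In this model the two rule sets differ on one sample: a plain `/` with no query string passes the first answer's rule but comes out as 403 under the second answer's conditions, because an empty query string fails both of its patterns.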