Question 91175 in Apache Question posted in
Some documentation to get you started can be found here.

How set rule in .htaccess when QUERY ?random_letters_numbers=abracadabra – Apache

My site under attack in logs i have random query on main page:

IP - - [DATE] "GET /?random_letters_numbers=abracadabra HTTP/1.1"

How i can block this query only main page and don’t block utm_tags.

I set rule .htaccess :

RewriteCond %{QUERY_STRING} ^(?).{1,10}=.*$
RewriteRule .* - [R=503,L]

but this code work in utm tags too block it.

?utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test

Logs:

"GET /?CEosEj=BTC5fK HTTP/1.1"
"GET /?TZJWAv=fSbz0W HTTP/1.1"
"GET /?rLp5Fy=mH3Sro HTTP/1.1"

IP - - [02/Aug/2022:10:37:53 +0300] "GET /?vKcMMM=ZtMbVV HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?sQv4E1=faF26B HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Linux; Android 10; SM-G970F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Mobile Safari/537.36 OPR/63.3.3216.58675"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?1cPe0W=cN2HQC HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?fWF6uH=HQtAfD HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Vivaldi/4.3"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?3YPAHg=EsvwFq HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
Tags:

2

Answers


  1. 0

    How i can block this query only main page and don’t block utm_tags.

    You can use this rule;

    RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+= [NC]
RewriteRule ^$ - [F]

    Here:

    • RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+=: Makes sure query string is not utm_...=... or v=...
    • RewriteRule ^$: Matches landing page only
    • [F]: Sends back http status 403 (forbidden) to clients

    Here is RegEx Demo

    Login or Signup to reply.
  2. 0

    With your shown samples please try following htaccess rules. These rules will check if a query string is NOT exactly matching value: utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test then block that url.

    Here is the Online demo for used regex in htaccess rules.

    RewriteCond %{QUERY_STRING} !^utm_source=wnc_[^&]*&utm_medium=[^&]*&utm_campaign=wnc_[^&]*&utm_content=S+$ [NC]
RewriteCond %{QUERY_STRING} !^v=[0-9]+(.[0-9]+)? [NC]
RewriteRule ^/?$ - [F]
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search