: The question mark ('?') in URLs is preventing htaccess code from blocking them I want to block someone using this dynamic URL: REQUEST_URI = /%24%24%24%26%3f%26%3f%24%24%24?cmd=get_file&arg=images/wslogo_block_page.png&sid=3
I want to block someone using this dynamic URL:
REQUEST_URI = /%24%24%24%26%3f%26%3f%24%24%24?cmd=get_file&arg=images/wslogo_block_page.png&sid=3257F1B3D8C5432EB676D55891B428ED164A3561
There's a new IP each time, but the following part of the URL is always the same /%24%24%24%26%3f%26%3f%24%24%24?cmd=get_file&arg=images/wslogo_block_page.png&sid=.
The code below would work fine if it weren't for the ? in the URL (see the URL above), it screws everything up. I've tried to include the '?' in the rewrite rule below but that doesn't help.
RewriteRule ^.*cmd=get_file.*$ - [F,L]
How do I deal with the ? (question mark) in these URLs so I can block them? Thanks.
More posts by @Courtney195
2 Comments
Sorted by latest first Latest Oldest Best
OK, this seems to work. Thanks for your replies.
RewriteCond %{QUERY_STRING} cmd=get_file [NC]
RewriteRule .* example.com? [R=301,L]
The code below would work fine if it weren't for the ? in the URL...
The ? in the URL you posted marks the start of the query string. To match the query string you need to use the QUERY_STRING server variable in a mod_rewrite condition. (The RewriteRule pattern matches against the URL-path only - this excludes the query string.)
RewriteRule ^.*cmd=get_file.*$ - [F,L]
This looks like you are trying to block any request that simply contains cmd=get_file anywhere inside the query string. To do this, you would need something like the following:
RewriteCond %{QUERY_STRING} cmd=get_file
RewriteRule ^ - [F]
The L flag is not required. It is implied when you use the F flag. The regex cmd=get_file is the same as ^.*cmd=get_file.*$. If that is sufficient then stop there.
However, this is far more general than what you stated in the first part of your question:
...the following part of the URL is always the same /%24%24%24%26%3f%26%3f%24%24%24?cmd=get_file&arg=images/wslogo_block_page.png&sid=
In order to match this specific URL (ignoring any trailing query string parameters), you would need something like:
RewriteCond %{QUERY_STRING} ^cmd=get_file&arg=images/wslogo_block_page.png&sid=
RewriteRule ^$$$&?&?$$$$ - [F]
The "complex" part of this is matching the URL-path (ie. /%24%24%24%26%3f%26%3f%24%24%24). The RewriteRule pattern matches against the %-decoded URL-path, which is /$$$&?&?$$$ (assuming the URL you posted earlier is not doubly encoded or anything). Confusingly, this also contains ? and other regex meta characters, so these must be backslash escaped in the regex that matches these literal characters.
Just an additional note if you are testing this on Microsoft Windows (as opposed to Linux)... The URL encoded ? (ie. %3f) in the URL-path will result in a system generated 403 Forbidden under Apache Windows before mod_rewrite/.htaccess is able to process the URL. This is because ? is not a permitted filename character under Windows (whereas $, & are "OK"). An error like the following is logged (if the appropriate debug level is set):
... [core:error] [pid 4576:tid 1756] (20025)The given path contained wildcard characters: [client 203.0.113.111:60740] AH00036: access to /$$$&?&?$$$ failed (filesystem path 'D:/WWW/vhosts/example.com/public_html/$$$&?&?$$$')
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.