1

If I want to block access to example.com/path/?xxxx (xxxx is variable), but allow access to example.com/path/, how should I write it in my .htaccess?

MrWhite
  • 12,647
  • 4
  • 29
  • 41
Sanata
  • 11
  • 3
  • Are these urls valid ? Are there files there ? – Rohit Gupta Oct 19 '22 at 04:02
  • Ex: domain.com/someone/someone.php real and valid url. Attackers use domain.com/someone/someone.php?ddfdfd to bring down my site. If I write that parameter after a valid url, it does not cause a 404 error, it loads the url domain.com/someone/someone.php – Sanata Oct 23 '22 at 04:33

1 Answers1

0

You can block access (eg. trigger a 404 Not Found) when a specific path (/path/) is requested with any query string using mod_rewrite at the top of the root .htaccess file.

For example:

RewriteEngine On

RewriteCond %{QUERY_STRING} .
RewriteRule ^path/$ - [R=404]

The above matches the URL /path/ exactly. (Note there is no slash prefix on the URL-path matched by the RewriteRule pattern - the first argument.)

To block all URLs that contain any query string then change the RewriteRule pattern to just ^ (simply a start of string assertion, so it's successful for any URL-path). For example:

:
RewriteRule ^ - [R=404]
MrWhite
  • 12,647
  • 4
  • 29
  • 41