0

I am trying to write rewrite rules to block URLs with a particular pattern. The requests, as seen in the Apache log, are as follows.

"GET /mysecure/Docs?cb=20414624755 HTTP/1.1" 200 881107 "-" "Mozilla/5.0 (Windows NT 6.1; rv:53.0) Gecko/20100101 Firefox/53.0" 

I want to block all requests with QUERY_STRING cb=20414624755.

For this I have written the following rule

RewriteCond %{QUERY_STRING} "^cb=20414624755$" [nocase]
RewriteRule ^\/mysecure\/Docs$ - [forbidden,last]

But the requests are not getting blocked. In the Apache access log file, I can see a 200 response code for the requests with these patterns.

Please suggest.

Zama Ques

1 Answer

1
RewriteCond %{QUERY_STRING} "^cb=20414624755$" [nocase]
RewriteRule ^\/mysecure\/Docs$ - [forbidden,last]

These directives will match the stated request if they are used directly in the server config (or virtual host). However, the RewriteRule pattern will not match the URL-path if used in a directory or .htaccess context (which I can only assume is where they are being used in this instance?).

When used in a .htaccess file, the directory-prefix (of where the .htaccess file is located) is first removed from the URL-path that is matched by the RewriteRule pattern. The directory-prefix always ends with a slash, so the matched URL-path never starts with a slash.

To make this work in both a server and directory context you can make the preceding slash optional:

RewriteCond %{QUERY_STRING} ^cb=20414624755$ [NC]
RewriteRule ^/?mysecure/Docs$ - [F]

There is no need to escape the slashes in the regex. I've used the shorthand flags, since they are far more common in usage. The L (last) is not required when used with F (forbidden) - it is implied. The quotes around the CondPattern are not required here.

MrWhite
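The context difference described in the answer above, as an added example that is not part of the original post: a simplified Python model (not mod_rewrite itself) of the string a RewriteRule pattern is matched against in server context and in .htaccess context, run over the request from the question's log. The helper names `rule_input`, `is_forbidden` and `results` are hypothetical, and the .htaccess file is assumed to sit in the document root (directory-prefix `/`) unless stated otherwise.

```python
import re

def rule_input(url_path, context, dir_prefix="/"):
    """Return the string a RewriteRule pattern is matched against.

    Simplified model: in server/virtual-host context it is the full
    URL-path; in .htaccess context the directory-prefix (which always
    ends with a slash) is removed first, so no leading slash remains.
    """
    if context == "server":
        return url_path
    if context == "htaccess":
        if not url_path.startswith(dir_prefix):
            raise ValueError("URL-path is outside the .htaccess directory")
        return url_path[len(dir_prefix):]
    raise ValueError("unknown context: " + context)

def is_forbidden(request_target, rule_pattern, context, dir_prefix="/"):
    """True when both the RewriteRule pattern and the RewriteCond match."""
    url_path, _, query = request_target.partition("?")
    rule = re.search(rule_pattern, rule_input(url_path, context, dir_prefix))
    cond = re.search(r"^cb=20414624755$", query, re.IGNORECASE)  # [NC]
    return bool(rule and cond)

ORIGINAL = r"^\/mysecure\/Docs$"          # pattern from the question
PORTABLE = r"^/?mysecure/Docs$"           # pattern from the answer
TARGET = "/mysecure/Docs?cb=20414624755"  # request from the question's log

def results():
    """Evaluate both patterns in both contexts for the logged request."""
    return {
        (name, ctx): is_forbidden(TARGET, pattern, ctx)
        for name, pattern in (("original", ORIGINAL), ("portable", PORTABLE))
        for ctx in ("server", "htaccess")
    }

if __name__ == "__main__":
    for (name, ctx), blocked in results().items():
        print(f"{name:8} pattern, {ctx:8} context -> "
              f"{'403' if blocked else 'not blocked'}")
```

If the .htaccess file lives in `/mysecure/` rather than the document root, the matched path becomes `Docs` and neither pattern applies; pass `dir_prefix="/mysecure/"` to see that case.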