Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2014-08-18 06:54:01

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

htaccess suggestions

How can I block visitors who ask for ?m=any&q=1, /?m=any&q= and /?m=any? For a month now I’ve been getting hundreds of hits/day from half as many IP addresses relentlessly hitting one of my sites. I have resolved the first query using the suggestion here but at the moment the other urls resolve to the home page which has a lot of images. No htaccess rule I have tried works.

Can someone suggest a solution?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#2 2014-08-18 07:01:18

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: htaccess suggestions

Try this (quick and dirty, I’m not great at .htaccess):

RewritCond %{QUERY_STRING} m\=any&q\=1 [NC]
RewritCond %{QUERY_STRING} m\=any&q\= [NC]
RewritCond %{QUERY_STRING} m\=any [NC]
RewriteRule ^ - [F]

Offline

#3 2014-08-18 07:07:15

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: htaccess suggestions

Hi Pete,

That returns a 500 error :(


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#4 2014-08-18 07:10:57

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: htaccess suggestions

My bad – typos:

RewriteCond %{QUERY_STRING} m\=any&q\=1 [NC]
RewriteCond %{QUERY_STRING} m\=any&q\= [NC]
RewriteCond %{QUERY_STRING} m\=any [NC]
RewriteRule ^ - [F]

Offline

#5 2014-08-18 07:14:02

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: htaccess suggestions

That returns a very ok 403 for m\=any&q\=1 but the other two still return the front page


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#6 2014-08-18 07:44:07

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: htaccess suggestions

OK, good start – it means the rewrite cogs are working. I suspect the regex could be tightened up into one line, based on the m=any query segment, but I’m afraid I’ve exhausted my knowledge now. Perhaps some research into blocking part of a query string in htaccess and then building the regex might be the solution – or someone else smarter than I can help, I’m certain.

Offline

#7 2014-08-18 07:46:12

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: htaccess suggestions

One last try before I really accept defeat:

RewriteCond %{QUERY_STRING} ^m\=any$ [NC]
RewriteRule ^ - [F]

Offline

#8 2014-08-18 08:12:31

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: htaccess suggestions

Ok this is very interesting as your latest code works just fine!!!

I tried to change it to

RewriteCond %{QUERY_STRING} m\=any&q\=1 [NC]
RewriteCond %{QUERY_STRING} ^m\=any$ [NC]
RewriteRule ^ - [F]

but that did not work as the second one, returns the front page again.

In any case, using your latest suggestion together with the other forum thread, the bots (if they are bots) should hopefully go away soon.

THanks so much for all your help here Pete.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#9 2014-08-18 13:55:21

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: htaccess suggestions

Untested but this “should” combine the three queries into one:

RewriteCond %{QUERY_STRING} m\=any(&q\=1?)? [NC]
RewriteRule ^ - [F]

Perhaps…


TXP Builders – finely-crafted code, design and txp

Offline

#10 2014-08-18 16:03:57

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: htaccess suggestions

jakob wrote #283024:

Untested but this “should” combine the three queries into one:

RewriteCond %{QUERY_STRING} m\=any(&q\=1?)? [NC]...

Perhaps…

Hi Julian,

This returns some unexpected behaviour

The code works when I go to the links from my stats software but it also works for any search query … THat is almost all. At the moment I have a custom 403 error page statically residing outside txp which also has a search box. When I search from the 403 page results from legit queries are parsed ok but when I search from within a txp page the 403 error page is returned.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#11 2014-08-19 08:05:54

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: htaccess suggestions

Looks like the problem is matching /?m=any&q= because as soon as no instance of a the query is matched it also removes the &q= … part of a legitimate query string, thereby ruining the search query. If you can be sure that the empty string appears at the end of the line, adding a $ sign (end of line) after the first *?* mark should help:

RewriteCond %{QUERY_STRING} m\=any(&q\=1?$)? [NC]
RewriteRule ^ - [F]

Testing in Patterns, that matches ?m=any, ?m=any&q=1, ?m=any&q=, but not ?m=any&q=2, ?m=any&q=blah, ?m=any&q=11 or ?q=1.


TXP Builders – finely-crafted code, design and txp

Offline

#12 2014-08-19 08:08:43

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,134
GitHub

Re: htaccess suggestions

jakob wrote #283047:

Testing in Patterns […]

That’s very cool – bookmarked.

Offline

Board footer

Powered by FluxBB