htaccess blocking a non-existent files/directories?

  • kosmos22

    (@kosmos22)


    6 years, 3 months ago

    How can I block non-existent files/directories with .htaccess?
    I mean:
    site.com/?51515bb
    or
    site.com/?62626cc
    I’ve tried a few things, but it doesn’t work.

    Im try with;

    RewriteEngine on
    RewriteCond %{QUERY_STRING} ^$ [OR]
    RewriteRule ^/?$ – [F]

    but this restrict all site…

    Can you help me, please?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator tobifjellner (Tor-Bjorn “Tobi” Fjellner)

    (@tobifjellner)

    6 years, 3 months ago

    The typical URL structure is:
    protocol: (http:)
    Start from hostname (//)
    hostname (www.example.com)
    divider between hostname and directory/file (/)
    directory/filename (wp-admin/index.php)
    divider before parameters (?)
    list of parameter name/value pairs a=0&tri=no
    location within page (#footer)

    The example URL’s you’ve given above don’t have any directory/file name at all!
    What comes after the question mark would be some parameter name (but lacking the value). This use is typically employed in order to “bust caches”, i.e. force the request to be fully processed by the server.

    One could craft an .htaccess that would filter these parameters, but think twice before trying that. If you, for instance discard any parameters today, then if you later add some smart plugin that uses such parameters for a meaningful purpose, then that might simply not work. (And you might have a weird moment before you realize that you created this problem yourself…)

    Thomas@iThemes

    (@thomas4ithemes)

    6 years, 3 months ago

    As someone previously mentioned, there’s really no reason to block those queries. As they (bot and/or human) should just be getting some sort of not found page. Whether that be a 404 Not Found, or some other not found page. And that’s really the correct response. As it’s better for bots and/or humans to get a 404 Not Found page (whether that be for SEO or just normal usability).

    But those query strings have a pattern (if they actually look like that). And the pattern is five digits followed by two letters.

    So you could create something like the following (assuming you’ve already declared the RewriteEngine On as you only need to declare it once in your .htaccess file and the WordPress permalink directives already declare it).

    RewriteCond %{QUERY_STRING} ^\d{5}[a-z]{2}$ [NC]
RewriteRule ^ – [F]

    You don’t need the [OR] conditional flag either as that means there’s going to be another condition but there is one, so it’s not needed. But you’d probably want the [NC] condition flag to account for both lower case and upper case letters.

    And the RewriteRule should be simplified as just those queries are what you want blocked regardless of where they appear.

    So those directives say throw up a 403 Forbidden if anything does a query for five digits followed by just two letters (lower and/or upper case).

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘htaccess blocking a non-existent files/directories?’ is closed to new replies.