htaccess to block requests by string with WordPress in subdirectory

  • Imageericr23

    (@ericr23)


    5 months, 1 week ago

    We’re getting thousands of requests for the same page with extra URLs added on, eg:

    "GET /news/2023/07/22/reality-setting-in-[…]/print//%22https://www.re[…]//%22https://www.re[…]//%22[…]/%22 HTTP/1.1"

    The requests are distributed (during 15 minutes yesterday morning they came from ~2000 different IPs), so it would seem an easy thing to block requests containing “/print//” with:

    RewriteRule /print// - [F]

    in htaccess, but it’s not working. The WordPress module is in the “news” subdirectory. I tried the command in the root htaccess file and at the top and bottom of the subdirectory htaccess file (which contains code for Wordfence, Supercache, and WordPress itself (in that order).

    What am I missing?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter Imageericr23

    (@ericr23)

    5 months, 1 week ago

    Yes, “RewriteEngine on” is included.

    Also, in the root file: “RewriteOptions InheritDownBefore”

    Apache 2.4.63

    And there’s no distinct user agent characterizing the requests.

    Moderator Imagethreadi

    (@threadi)

    5 months, 1 week ago

    If you write the rule you mentioned in the .htaccess file in the /news/ directory, it should work. I assume you mean you have WordPress installed there, but I’m a little confused by the term “module.”

    Alternatively, you can also install a security plugin if you don’t already have one. Many of them also check such requests and can take care of the entry in the .htaccess file for you. You can find examples here: https://wordpress.org/plugins/tags/security/

    Thread Starter Imageericr23

    (@ericr23)

    5 months, 1 week ago

    As I mentioned, however, the rule did not work there. And I have Wordfence running but it is not stopping these particular requests.

    It might be relevant that actually, instead of a root-level htaccess file I use an Apache config file with the rules inside «Directory "/home/xyz/public_html/"» tags. That way, the htacess file doesn’t have to be loaded with each request. I just tried putting the rule in question inside «Directory "/home/xyz/public_html/news/"» tags (outside the root directory tags), and it again doesn’t work.

    I delete the cache before I check, of course.

    Moderator Imagethreadi

    (@threadi)

    5 months ago

    I haven’t tested this myself, but try the following:

    RewriteRule /news/print/ - [F]

    Otherwise, you might want to contact a community that supports Apache techniques or server technology. This issue has less to do with WordPress itself. Another alternative would be to use a firewall in your hosting.

    Thread Starter Imageericr23

    (@ericr23)

    5 months ago

    Thank you. There’s an intervening WordPress page between /news and /print. But since all of the requests actually used the same page, I had tried that:

    Rewrite Rule /news/2023/07/22/reality-setting-in-etc/print// - [F]

    (Also, I don’t want to block the /print page – just the requests that append more to it, which they do after a double-slash.) I do plan to ask for suggestions elsewhere. I asked here because WordPress has its own rewrite lines in htaccess and perhaps it could simply be a matter of order.

    Thread Starter Imageericr23

    (@ericr23)

    5 months ago

    I had mentioned that the root htaccess included “RewriteOptions InheritDownBefore”. It turns out that’s for Apache 2.4.8 and up, so I took it out and added “RewriteOptions InheritBefore” to the child htaccess file, leaving the rewrite rule in the root. Still no luck.

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Tags