如何在.htaccess中设置查询时的规则?

vddsk6oq  于 2022-11-16  发布在  其他
关注(0)|答案(2)|浏览(126)

我的网站受到攻击的日志我在主页上随机查询:

IP - - [DATE] "GET /?random_letters_numbers=abracadabra HTTP/1.1"

我如何可以阻止这个查询只有主页,而不阻止utm_tags。
我设置了规则。htaccess:

RewriteCond %{QUERY_STRING} ^(?).{1,10}=.*$
RewriteRule .* - [R=503,L]

但此代码在utm标记中工作,因此会阻止它。

?utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test

记录档:

"GET /?CEosEj=BTC5fK HTTP/1.1"
"GET /?TZJWAv=fSbz0W HTTP/1.1"
"GET /?rLp5Fy=mH3Sro HTTP/1.1"

IP - - [02/Aug/2022:10:37:53 +0300] "GET /?vKcMMM=ZtMbVV HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?sQv4E1=faF26B HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Linux; Android 10; SM-G970F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Mobile Safari/537.36 OPR/63.3.3216.58675"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?1cPe0W=cN2HQC HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?fWF6uH=HQtAfD HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Vivaldi/4.3"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?3YPAHg=EsvwFq HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
svmlkihl

svmlkihl1#

我如何可以阻止这个查询只主页,而不阻止utm_tags。
您可以使用此规则;

RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+= [NC]
RewriteRule ^$ - [F]

在这里:

  • RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+=:确保查询字符串不是utm_...=...v=...
  • RewriteRule ^$:仅匹配登录页面
  • [F]:将http状态403(禁止)发送回客户端

Here is RegEx Demo

2lpgd968

2lpgd9682#

请使用您显示的示例尝试以下htaccess规则。这些规则将检查查询字符串是否与值不完全匹配:utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test然后阻止该URL。
下面是htaccess规则中使用的正则表达式的Online demo

RewriteCond %{QUERY_STRING} !^utm_source=wnc_[^&]*&utm_medium=[^&]*&utm_campaign=wnc_[^&]*&utm_content=\S+$ [NC]
RewriteCond %{QUERY_STRING} !^v=[0-9]+(\.[0-9]+)? [NC]
RewriteRule ^/?$ - [F]

相关问题