Wednesday, January 26, 2011

Deny access to the site, based on QUERY_STRING

My site is "under attack": bots from many different IPs are filling a form with spammy content.

IP addresses can't be filtered, as they are always different, so I was thinking of filtering by QUERY_STRING, to match a URI like this:

www.site.com/search?field1=spamword&field2=another_spamword

The rule:

rewritecond %{QUERY_STRING} ^(.*)spamword(.*)$
rewriterule .* - [F,L]

The regular expression looks right, but the rule is never executed. Any idea what's going on?

Thank you.

  • Aside from @Wrikken's comment (check the log and see if RewriteEngine is on), the only thing that can be wrong is the regex. Try removing the ():

    RewriteCond %{QUERY_STRING} ^.*spamword.*$
    
    From coredump
  • I could not enable the rewrite log, so I have found another way, and did this directly on all the pages with a form:

    if ( strlen( $_SERVER['REQUEST_URI'] ) > 650 ) {
        // Reject over-long request URIs before any database query runs.
        header('HTTP/1.0 401 Unauthorized');
        // ... error message to not panic real users ...
        exit;
    }
    

    Because I have found (watching the access logs and considering the form fields) that a URL longer than 650 characters is never a valid request. (the average size was 4-6 Kb)

    Sadly, the regex issue is still there, and I did not manage to solve it. But at least the issue was partially solved (the bots are still there, but the page uses very few resources, as no queries are done).

    Luckily the bots will recognize the 401 error and desist.

    Ngu Soon Hui : @UVL, you can accept your own answer if you solved it already
    From UVL
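
Before relying on either filter, it helps to replay existing access-log lines through both rules and see what each would block. The script below is an added example, not code from either poster; it assumes Common/Combined Log Format, reuses the 650-character cutoff and the placeholder `spamword` from the posts, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request field of a Common/Combined Log Format line: "METHOD URI HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
MAX_URI_LEN = 650            # cutoff used in the answer above
SPAMWORDS = ("spamword",)    # placeholder term from the question

def classify(line, spamwords=SPAMWORDS, max_len=MAX_URI_LEN):
    """Return (uri, rules_tripped) for one log line, or None if unparsable."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    uri = m.group("uri")
    hits = set()
    if len(uri) > max_len:
        hits.add("length")
    # Form values are logged URL-encoded; decode and lowercase before matching.
    query = unquote_plus(urlsplit(uri).query).lower()
    if any(word.lower() in query for word in spamwords):
        hits.add("spamword")
    return uri, hits

def audit(lines, **rules):
    """Replay log lines and report what each rule would block."""
    report = {"blocked": [], "allowed": 0, "unparsed": 0, "longest_allowed": 0}
    for line in lines:
        result = classify(line, **rules)
        if result is None:
            report["unparsed"] += 1
            continue
        uri, hits = result
        if hits:
            report["blocked"].append((uri[:60], sorted(hits)))
        else:
            report["allowed"] += 1
            report["longest_allowed"] = max(report["longest_allowed"], len(uri))
    return report

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jan/2011:10:00:01 +0000] "GET /search?field1=shoes&field2=red HTTP/1.1" 200 5120',
    '198.51.100.7 - - [26/Jan/2011:10:00:02 +0000] "GET /search?field1=spamword&field2=another_spamword HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/Jan/2011:10:00:03 +0000] "GET /search?field1=' + "x" * 700 + ' HTTP/1.1" 200 5120',
    '192.0.2.45 - - [26/Jan/2011:10:00:04 +0000] "GET /search?field1=Cheap+SpamWord+here HTTP/1.1" 200 5120',
    "garbage line that is not a request",
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

The `longest_allowed` figure shows how much headroom legitimate requests leave under the length cutoff, which is the check described in the answer as "watching the access logs".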
