Blocking Common Exploits

Using .htaccess to block exploits

         

BillyS

7:05 pm on Dec 28, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I use Joomla as my CMS and always used some rewrite rules to block some common exploits, but recently some users are suggesting to add the following:

# IF the query string contains "http:" or "ftp:" or "https:"
RewriteCond %{QUERY_STRING} http\: [OR]
RewriteCond %{QUERY_STRING} ftp\: [OR]
# The last condition carries no [OR]: a dangling [OR] here would let
# the rule fire even when none of the conditions match.
RewriteCond %{QUERY_STRING} https\:
# Send all blocked requests to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

Does anyone here see any reason NOT to add this code? It makes sense to me; I'm just trying to get some other opinions.

jdMorgan

9:40 pm on Dec 28, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Without knowing *why* you might want to redirect these requests, all I can suggest is to avoid the appearance of gateway pages by returning a simple 403 response by changing the RewriteRule to

RewriteRule .* - [F]

Jim
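
One way to answer the "any reason NOT to add this" question before deploying, as an added example that is not code from the thread: replay request lines from an access log through the three conditions and see which requests would receive the 403. The log lines, parameter names and function names are constructed for illustration.

```python
import re

# The three RewriteCond patterns from the post, OR-ed together.
# mod_rewrite tests %{QUERY_STRING} as sent (not URL-decoded) and
# case-sensitively unless [NC] is given, so a plain re.search mirrors it.
CONDITIONS = [re.compile(p) for p in (r"http\:", r"ftp\:", r"https\:")]

# Request field of a common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def would_block(query_string):
    """True if any condition matches, i.e. the rule would answer 403."""
    return any(c.search(query_string) for c in CONDITIONS)


def audit(log_lines):
    """Return (target, blocked) for every log line whose request parses."""
    results = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-HTTP entry
        target = m.group(1)
        query = target.partition("?")[2]  # empty when there is no "?"
        results.append((target, would_block(query)))
    return results


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    # ordinary page view
    '192.0.2.10 - - [28/Dec/2007:19:05:00 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 5120',
    # legitimate return-URL parameter: blocked
    '192.0.2.11 - - [28/Dec/2007:19:05:02 +0000] "GET /index.php?option=com_user&return=http://www.example.com/members HTTP/1.1" 200 812',
    # remote URL passed as a parameter, the case the rule is aimed at
    '198.51.100.7 - - [28/Dec/2007:19:05:03 +0000] "GET /index.php?file=ftp://203.0.113.5/a.txt HTTP/1.1" 200 40',
    # percent-encoded colon: the raw query string has no "https:" in it
    '192.0.2.12 - - [28/Dec/2007:19:05:04 +0000] "GET /share.php?url=https%3A%2F%2Fexample.org%2Fpost HTTP/1.1" 200 300',
    # site search whose search term happens to contain "https:": blocked
    '192.0.2.13 - - [28/Dec/2007:19:05:05 +0000] "GET /search.php?q=set+up+https:+redirect HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for target, blocked in audit(SAMPLE_LOG):
        print("403 " if blocked else "pass", target)
```

Running it over a real log excerpt shows how many existing links (return URLs, search terms, share widgets) the rule would start rejecting.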