Request uri

ban URL requests based on a string

         

smallcompany

10:00 pm on Jun 7, 2009 (gmt 0)




RewriteCond %{REQUEST_URI} msgimport [NC,OR]
RewriteCond %{REQUEST_URI} roundcube [NC,OR]
RewriteCond %{REQUEST_URI} nonexisten#*$! [NC,OR]
RewriteCond %{REQUEST_URI} proxyjudge [NC,OR]
RewriteCond %{REQUEST_URI} proxyfire [NC]
RewriteRule ^(.*)$ - [F,L]

The upper code is based on requests that would have any of those strings as part of the requested URL. The 404 would look like this:

61.x.x.x tried to load http://proxyjudge1.proxyfire.nethttp://proxyjudge1.proxyfire.net/fastenvi

I see it as an invalid request, plus proxy, enough to figure that something is going on, so I want to issue a 403.
And I do it in the form of the upper code, yet I still get 404s on the same requests.

What am I doing wrong?

Thanks

[edited by: jdMorgan at 1:54 am (utc) on June 8, 2009]
[edit reason] De-linked [/edit]

g1smd

1:02 am on Jun 8, 2009 (gmt 0)




REQUEST_URI only sees the path and filename.

You need to look at HTTP_HOST if you need to test the domain name.

You can use a local OR function and have just one condition:

RewriteCond (one|two|three...)

^(.*)$ simplifies to (.*) here.

[F] implies [L] so specify just [F] for the flags.

jdMorgan

1:57 am on Jun 8, 2009 (gmt 0)




It's not an invalid request, as it *is* permissible for a client to request a fully-qualified URL. But it is unnecessary, and as you've seen, almost always indicates a proxy through-put attempt.

Jim

jdMorgan

2:05 am on Jun 8, 2009 (gmt 0)




The generic code to block such attempts would be something like this:

# BLOCK attempts to use our server as a proxy
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /?http:// [NC]
RewriteCond %{THE_REQUEST} !^[A-Z]+\ /?http://([^.:/#?\ ]+\.)*example\.com\.?(:[0-9]*)? [NC]
RewriteRule ^ - [F]

Replace example.com with your own domain name, with the period escaped as shown.

This will then allow a legitimate request such as

GET http://www.example.com/foo.html HTTP/1.1

but not
GET http://www.some-other-site/foo.html HTTP/1.1

Jim

[edited by: jdMorgan at 2:06 am (utc) on June 8, 2009]
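
The behaviour discussed in this thread, replayed against sample request lines (an added example, not code from any poster). Python's `re` stands in for mod_rewrite's regex engine, `request_uri()` is a rough stand-in for how Apache derives REQUEST_URI, and `OWN_HOST_ANCHORED` is an assumed tightening that does not appear in the thread.

```python
import re

# smallcompany's substring list ([NC] -> re.I); the entry the forum
# software censored is left out here.
ORIGINAL = re.compile(r"msgimport|roundcube|proxyjudge|proxyfire", re.I)
# jdMorgan's two RewriteCond patterns, copied from the post above.
ABSOLUTE_URL = re.compile(r"^[A-Z]+\ /?http://", re.I)
OWN_HOST = re.compile(
    r"^[A-Z]+\ /?http://([^.:/#?\ ]+\.)*example\.com\.?(:[0-9]*)?", re.I)
# Assumption, not from the thread: same pattern, but the host must end at
# '/', '?', '#' or the space before "HTTP/1.x".
OWN_HOST_ANCHORED = re.compile(OWN_HOST.pattern + r"(?=[/?#\ ])", re.I)


def request_uri(request_line):
    """Rough stand-in for REQUEST_URI: the path only, no scheme or host."""
    target = request_line.split(" ")[1]
    m = re.match(r"[a-z][a-z0-9+.-]*://[^/?#]*([^?#]*)", target, re.I)
    return (m.group(1) if m else target.split("?")[0]) or "/"


def original_rule_forbids(request_line):
    """First post: 403 only if the path contains a listed string."""
    return bool(ORIGINAL.search(request_uri(request_line)))


def proxy_rule_forbids(request_line, own_host=OWN_HOST):
    """jdMorgan's rule: 403 for an absolute http:// URL on a foreign host."""
    return bool(ABSOLUTE_URL.search(request_line)
                and not own_host.search(request_line))


# Sample request lines: the first three use URLs quoted in the thread,
# the last two are constructed.
SAMPLES = [
    "GET http://proxyjudge1.proxyfire.net/fastenvi HTTP/1.1",
    "GET http://www.example.com/foo.html HTTP/1.1",
    "GET http://www.some-other-site/foo.html HTTP/1.1",
    "GET /roundcube/index.php HTTP/1.1",
    "GET http://www.example.com.other-site.test/ HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line}\n  REQUEST_URI={request_uri(line)!r}"
              f" original={original_rule_forbids(line)}"
              f" proxy={proxy_rule_forbids(line)}"
              f" anchored={proxy_rule_forbids(line, OWN_HOST_ANCHORED)}")
```

The first sample shows why the original rule never fired: its REQUEST_URI is only `/fastenvi`. The last sample is let through by the pattern as posted because nothing ends the hostname after `example.com`; the anchored variant refuses it while still allowing the site's own absolute URLs.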

smallcompany

6:40 pm on Jun 8, 2009 (gmt 0)




As always, thank you very much for help.