Checking to see if this htaccess code is OK to use.

Trying to deal with bots.

         

grandma genie

4:38 pm on Sep 9, 2010 (gmt 0)

10+ Year Member



Hi jd and everyone.
I have added some code to my htaccess file (at the bottom) that I found in the osCommerce forums. I think it is working, but I don't want to use it if it is incorrect. I have seen similar ones in this forum, but don't know if the way my server is set up will be a problem. Here is the code:

########## BAD BEHAVIOR BLOCK rules to ban exploits
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ (php file here) [L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

RewriteRule php code here [NC,L]
RewriteRule (location of php file) [NC,L]

########### BAD BEHAVIOR BLOCK rules to ban exploits
<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 67.19.nnn.nnn

Is this the correct setup for htaccess? I noticed my server log error file is considerably smaller today. Might be a coincidence. This bot ban contribution was suggested by the folks in osCommerce since my site uses that software and I didn't want to mess up the php section of my site.

I already have this at the top of my htaccess file:

order allow,deny
deny from 61.245.nn.nn
allow from all

Does this conflict with the <Files 403.shtml>?

Thank you for your suggestions.

jdMorgan

4:58 pm on Sep 9, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What is the purpose of the first rule? Specifically, why are you rewriting these requests to the filepath implied by "php file here"?

There are a couple of additional problems, but before coding, it's important to understand the requirements -- including the purpose and intent of each rule.

Jim

grandma genie

5:14 pm on Sep 9, 2010 (gmt 0)

10+ Year Member



Hi Jim - The purpose of the first rule is to track the IPs that are doing the exploits. They are supposed to be automatically included in the htaccess file when found with those notations in the query string. I have gotten one IP added to the htaccess since putting that code in, and it was some person doing this:

RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]

That is why I assumed it was working. I added a folder to the root with a php file and an html file that are supposed to do that.

jdMorgan

5:55 pm on Sep 9, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure about the last two rules, but I'd code it like this:

# Deny access using mod_access
Order deny,allow
#
Deny from 61.19.nnn.nnn
Deny from 61.245.nn.nn
#
# Override all Denys if robots.txt, "fatal" ErrorDocuments or bad-bot script are requested
<FilesMatch "^(robots\.txt|403\.shtml|500\.shtml|bad-bot\.php)$">
Allow from all
</FilesMatch>
#
# Set up mod_rewrite and enable rewriting
Options +FollowSymLinks
RewriteEngine on
#
# Skip ALL rewriterules if robots.txt, "fatal" ErrorDocuments or bad-bot script are requested
RewriteRule ^(robots\.txt|403\.shtml|500\.shtml|bad-bot\.php)$ - [L]
#
# Rewrite specific query-string exploit requests to IP-address-banning script
RewriteCond %{QUERY_STRING} mosConfig_[a-z_]{1,21}(=|\%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*(script|iframe).*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9a-z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} cPath=http:// [NC,OR]
RewriteCond %{QUERY_STRING} /self/ [NC,OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9a-z]{0,2}) [NC]
RewriteRule ^ /bad-bot.php [L]
#
# Return 403-Forbidden response for all but allowed HTTP methods
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|OPTIONS|PROPFIND)$
RewriteRule ^ - [F]
#
# Commented-out; Bad syntax or bad examples with no meaningful comments
# RewriteRule php code here [NC,L]
# RewriteRule (location of php file) [NC,L]


Jim
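An added example, not part of the thread or of either poster's code: a Python harness that runs the patterns from the rewrite rules above over constructed sample requests, in the order the rules are listed. Python's `re` stands in for Apache's regex engine (an assumption that holds for these simple patterns), and `evaluate`, `SAMPLES` and `search.php` are hypothetical names.

```python
import re

# Patterns copied from the RewriteCond lines in the post above; all carry [NC].
QUERY_PATTERNS = [
    r"mosConfig_[a-z_]{1,21}(=|\%3D)",
    r"base64_encode.*\(.*\)",
    r"(\<|%3C).*(script|iframe).*(\>|%3E)",
    r"GLOBALS(=|\[|\%[0-9a-z]{0,2})",
    r"cPath=http://",
    r"/self/",
    r"_REQUEST(=|\[|\%[0-9a-z]{0,2})",
]
QUERY_RES = [re.compile(p, re.IGNORECASE) for p in QUERY_PATTERNS]
EXEMPT = re.compile(r"^(robots\.txt|403\.shtml|500\.shtml|bad-bot\.php)$")
ALLOWED_METHODS = re.compile(r"^(GET|HEAD|POST|OPTIONS|PROPFIND)$")


def evaluate(method, path, query):
    """Return (action, matched_pattern), checking rules in the listed order.

    path is relative to the .htaccess directory (no leading slash); query is
    the raw, still percent-encoded query string, as %{QUERY_STRING} holds it.
    """
    if EXEMPT.search(path):
        return ("skip", None)              # RewriteRule ... - [L]
    for pattern, rx in zip(QUERY_PATTERNS, QUERY_RES):
        if rx.search(query):
            return ("bad-bot", pattern)    # RewriteRule ^ /bad-bot.php [L]
    if not ALLOWED_METHODS.search(method):
        return ("403", None)               # RewriteRule ^ - [F]
    return ("pass", None)


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "index.php", "cPath=http://example.invalid/x.txt"),
    ("GET", "index.php", "cPath=22_31"),
    ("GET", "index.php", "q=%3CSCRIPT%3E"),
    ("TRACE", "index.php", ""),
    ("GET", "robots.txt", "GLOBALS=1"),
    ("GET", "search.php", "keywords=GLOBALS%20explained"),
]

if __name__ == "__main__":
    for method, path, query in SAMPLES:
        print(method, path, query, "->", evaluate(method, path, query))
```

The last sample is an ordinary search term that matches the `GLOBALS` pattern, so a legitimate visitor would be sent to the banning script; checking real query strings from the access log against the patterns before enabling the ban shows how often that happens.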

grandma genie

12:42 am on Sep 10, 2010 (gmt 0)

10+ Year Member



Hi Jim,

I am trying to answer your post but keep getting a partial post with the word "google" in it. Very strange. I will wait and see if whatever is wrong is fixed.

Grandma_genie

grandma genie

6:08 pm on Sep 10, 2010 (gmt 0)

10+ Year Member



If at first you don't succeed: I wanted to ask you whether, since the bad bot php file is residing in a folder on the server, I would need to include the name of the folder in the code so it could be found. Thank you for your help, Jim.