%{REQUEST_URI} matches only the path part of the URL request. It does not match protocol, hostname, port number or query string.
If you want to match a specific query string, you will need another condition testing %{QUERY_STRING}
lucy24
9:22 pm on Jan 25, 2014 (gmt 0)
For safety's sake, make it \.php with escaped . period.
I tend to get anxious when there's a non-negative %{REQUEST_URI}. What does the body of the rule say?
g1, there's a drupal question awaiting your expert attention right next door...
roshaoar
10:55 pm on Jan 25, 2014 (gmt 0)
Thanks!
@lucy24 - 403 -
RewriteRule (.*) - [F]
lucy24
12:03 am on Jan 26, 2014 (gmt 0)
So the overall rule is "If any of these conditions apply, hit them with a 403?"
I'd put the wp-login into a separate conditionless rule:
RewriteRule ^wp-login - [F]
Save the conditions for things that apply to all requests, or ones where you're saying "the request is not suchandsuch".
You can use the [NC] flag if you like. But some robots actually go away faster if they meet a 404, which is what you'd get on most servers if you ask for WP-login when the file is really called wp-login. [NC] is a smidgen more work for the server, though it's pretty far down on the list of excessive demands.
