you can redirect request based on urls and various environment variables.
i'm not clear what you mean by this:

WP & fckeditor with search variables

hn.kd.ny.adsl

what is this?
the hostname of the requesting IP?
you could block this...
(note that if you do hostname lookups for every request it will slow down your server response)

WP: WordPress
fck editor: Online HTML Editor


URL Displayed: hn.kd.ny.adsl
Real URL: hn.kd.ny.adsl.cn (does not block easily)

deny Blank user agent takes care of those requests.

Not a blank user; they are using current browsers. I block the old junk ;)

RewriteCond %{REQUEST_URI} fck [NC]
RewriteRule .* - [F]

How about this?

RewriteCond %{REQUEST_URI} fck [NC]
RewriteRule ^(.*)$ http://%{REMOTE_ADDR}/ [F,L]

[edited by: phranque at 1:55 am (utc) on Aug 27, 2014]
[edit reason] unlinked url [/edit]

I'm trying to redirect WP & fckeditor with search variables back onto themselves using: [%{REMOTE_ADDR}...] [F,L]

That makes no sense. [F] isn't a redirect, it's a 403. Once you've said [F], everything else is ignored.

Did you mean that you want to intercept only the requests that come in with a query string, and not the query-less requests?

Never say

RewriteCond %{REQUEST_URI}

followed by a positive term (no leading ! for "request is NOT for etcetera"). Your server then has to waste time evaluating the condition on every single request, ever. The line belongs in the body of the rule. The part that does require a condition is the query string, if that's what you meant.

Besides, [F] implies [L] so [F,L] is always redundant.

URL Displayed: hn.kd.ny.adsl

in technical terms, where is this displayed?

Better?

RewriteCond %{REQUEST_URI} fck [NC]
RewriteRule ^(.*)$ http://%{REMOTE_ADDR}/ [L]

[edited by: phranque at 4:39 am (utc) on Aug 27, 2014]
[edit reason] unlinked url [/edit]

URL Displayed: hn.kd.ny.adsl

in technical terms, where is this displayed?

instead of the IP, and because he has domain name lookups in place.

Listed under IP; no IP Address, just hn.kd.ny.adsl only. Others sites states its a hn.kd.ny.adsl.cn

I did a little more searching & blocked a CN backbone also.

instead of the IP, and because he has domain name lookups in place.

in the server access log file?

Better?

RewriteCond %{REQUEST_URI} fck [NC]
RewriteRule ^(.*)$ http://%{REMOTE_ADDR}/ [L]

that response will send a 302 status code and a Location: header.

Server Access Log

hn.kd.ny.adsl - - [23/Aug/2014:00:46:10 -0500] "GET /admin/FCKeditor/editor/filemanager/browser/default/connectors/connector.php?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ HTTP/1.0" 404 6829 "-" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"

Ok, what is the proper variable directory redirect while using REMOTE_ADDR to deflect them back to their site?

I know just enough htaccess to be dangerous, knowing I am is half the battle... That's why I trying to figure this out; I see [F,L] on lots of code snippets.

instead of the IP, and because he has domain name lookups in place.

in the server access log file?

Yes.

Domain lookups change the standard format of log output.

I've a recollection that some other obscure syntax offers the same format result. Perhaps lucy recalls it, as I don't.

Never say
RewriteCond %{REQUEST_URI}
followed by a positive term

lucy,
I'm not sure if this explanation was for my response or ET's subsequent response to mine (or both)?

In any event, a more likely scenario is

RewriteCond %{THE_REQUEST} fck [NC]

Would This Block & Deflect The Buggers?

RewriteCond %{THE_REQUEST} fck [NC]
RewriteRule ^(.*)$ [%{REMOTE_ADDR}...] [L]

I'm not sure if this explanation was for my response or ET's subsequent response to mine (or both)?

Both. There is simply no reason to force the server to evaluate conditions on every single request when the same information can be put in the body of the rule.

RewriteCond %{REQUEST_URI} blahblah
RewriteRule .+ etcetera

===

RewriteRule blahblah etcetera

If the rule is only intended to apply when the unwanted visitor requests /fck/ then write the rule so it only kicks in-- and conditions are only evaluated-- when the pattern matches /fck/ *

Did anyone answer the question about search variables? It seems to be a red herring.

I see [F,L] on lots of code snippets.

Then a lot of code snippets are redundant, because there is never a need for [L] once you've said [F]. And, in any case, never ever use a flag unless you know what it means. There are about a dozen different flag in mod_rewrite, but you only need three or four of them to start. Especially in htaccess.


* The first time I saw this URL element, I didn't know it was a CMS thing, and assumed it was an Unfortunate Consequence of the site designer's non-native-speakerness.