我的网站受到攻击的日志我在主页上随机查询:
IP - - [DATE] "GET /?random_letters_numbers=abracadabra HTTP/1.1"
我如何可以阻止这个查询只有主页,而不阻止utm_tags。
我设置了规则。htaccess:
RewriteCond %{QUERY_STRING} ^(?).{1,10}=.*$
RewriteRule .* - [R=503,L]
但此代码在utm标记中工作,因此会阻止它。
?utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test
记录档:
"GET /?CEosEj=BTC5fK HTTP/1.1"
"GET /?TZJWAv=fSbz0W HTTP/1.1"
"GET /?rLp5Fy=mH3Sro HTTP/1.1"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?vKcMMM=ZtMbVV HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?sQv4E1=faF26B HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Linux; Android 10; SM-G970F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Mobile Safari/537.36 OPR/63.3.3216.58675"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?1cPe0W=cN2HQC HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?fWF6uH=HQtAfD HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 Vivaldi/4.3"
IP - - [02/Aug/2022:10:37:53 +0300] "GET /?3YPAHg=EsvwFq HTTP/1.1" 200 299 "mydomain" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
2条答案
按热度按时间svmlkihl1#
我如何可以阻止这个查询只主页,而不阻止utm_tags。
您可以使用此规则;
在这里:
RewriteCond %{QUERY_STRING} (^|&)(?!(v|utm_[^=]+)=)[^=]+=
:确保查询字符串不是utm_...=...
或v=...
RewriteRule ^$
:仅匹配登录页面[F]
:将http状态403(禁止)发送回客户端Here is RegEx Demo
2lpgd9682#
请使用您显示的示例尝试以下htaccess规则。这些规则将检查查询字符串是否与值不完全匹配:
utm_source=wnc_10030322&utm_medium=gamma&utm_campaign=wnc_10030322&utm_content=test
然后阻止该URL。下面是htaccess规则中使用的正则表达式的Online demo。