|
|
Posted by Ian Hobson on 09/08/07 23:44
Reffo wrote:
> Hi.
Hi Reffo,
>
> I'm very new to PHP, and just want to stop some attacks, and spammers.
>
> They all are using =http:// in the query string,
Not a php answer, but as you are using Apache, you might try
RewriteEngine on
RewriteCond %{QUERY_STRING} .*http:\/\/.*
Rewriterule ^(.*) /ignore [F]
This will return a "forbidden 403" error to any url where the query
string contains http:// anywhere in it.
I know that I will stop
> some other
> visitors too.
Nah.
I can't think of a legitimate visitor ever needing to put this in the
query string.
>
> Is it possible to put a script in my index.php to redirect people / robots
> using
> such commands / remote attacks? If so, I would like an example please!
>
It could be done with php, but the above will be quicker, and cover all
file pages, not just index.php.
> I would like to redirect them to another place that is banning them from my
> site.
I don't understand what this means.
You could send then elsewhere with
Rewriterule ^(.*) http://www.elsewhere.com/ [L]
in place of the Rewriterule above.
>
> I've tried using query_sting in htaccess without any luck.
>
You can place the code above in server config (anywhere in hpptd.conf),
virtual host, directory, or .htaccess context. For .htaccess to work
allowoverride must not be none.
For anything to work. mod-rewrite must be loaded. i.e. you find a line
in httpd.comf that is like...
LoadModule rewrite_module modules/mod_rewrite.so
And remove any leading #
Regards
Ian
Navigation:
[Reply to this message]
|