0

Hey, I need to filter out requests with certain PHP value in HTACCESS and I cant find how to do that.

The problem is there is someone spamming my site with special PHP value and it keeps my server overloaded.

The URL is www.site.com/?q=XXXXX. I need to filter out all requests like this (with ?q=XXXX) and redirect them to homepage instead.

I tried this but it doesnt work properly (there is a loop).

RewriteCond %{QUERY_STRING} q=(.*)
RewriteRule ^(.*) http://www.site.com

Thanks

Improve this question

3 Answers 3

Reset to default
1

why dont u clean out whatever is being put into the _GET value? (using php)

at the top of the php file put something like:

if(isset($_GET['q'])){  
   header('Location: homepage.php');
}
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

because i need that value. it's a search value and i have another rewrite from site.com/search/XXXX to index.php?q=. Someone probably included the query in some remote search and I just dont want to access it directly.
im still not sure what you want to do, i quote The URL is www.site.com/?q=XXXXX. I need to filter out all requests like this (with ?q=XXXX) and redirect them to homepage instead. which means u dont want the get value of q=...
I want to filter out all direct requests to www.site.com/?q=XXXX but at the same time i need this value for www.site.com/search/XXXX. and i dont want to do it in PHP but directly in HTACCESS so I dont have to hit PHP because I have static caching running there.
so use php's $_SERVER values and check the uri in php to make sure they are accessing it correctly
as I wrote, I dont want to use PHP, I want to do it directly in HTACCESS. i know its possible, I just need small edit of the code I posted here...
0

If someone is spamming you hard enough to overload your server you should look at blocking their IP address/addresses or something along those lines if possible.

Also I would suggest letting those requests die() rather than making them send you another request when they load your homepage. Or maybe keep them busy by redirecting to a domain that doesn't exist or something but that may or may not have an impact on them.

Improve this answer

4 Comments

It's not possible to block them as for some reason the requests come from different IPs. Its not like DDOS or something...
Requests coming from different IPs to overload a server is exactly what DDOS means.
but this is not DDOS its just some different website which accesses my server remotely and uses my database for search
If that's what's going on then your htaccess solution will be trivial to get around. Either block their ips (all of them) or find a better way to detect legitimate users. Maybe set a session variable when someone visits and only perform the search if you can retrieve it or something.
0

have you thought about counting "X"? if the ?q=X == true, continue, otherwise if q>9 then you know someone is messing with it and restrict them

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.