I've been looking at a log created by a WordPress plugin called Bad Behavior and in it there are many entries from different IP addresses at various intervals during the day that are requesting the following URL:
POST www.example.com/index.php?pubkey=b13bdb8297326599cf86aj25274e6a0c&bvTime=1549500166&bvVersion=0.1&bvMethod=getdata&sha1=true&sig=53fb643e40685ed89aa6754483b0a0d06bf1e63d0
The part of the URL that remains the same is /index.php?pubkey=
then the rest is different for the other entries in the log.
What I am looking to do if it's possible, is to block those post requests via the .htaccess
in the root directory.
While researching I found this answer here: Restrict Access To index.php – Apache
But since I don't really understand how to build directives correctly in the .htaccess
file, I don't want to add something in there that can potentially block legitimate traffic or cause other problems.
Also while searching I found this piece of information at https://perishablepress.com/protect-post-requests/ but they warn you that using the following rule can be problematic if the website is not static and or uses forms, which this particular website does.
#deny all POST requests
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteRule .* - [F,L]
</IfModule>
So with that said, I hope enough information was added here that can help someone to help me find an answer to this particular problem.
Best Answer
The solution is indeed very similar to the question you linked to.
However, one question I would ask is, do you need to specifically target POST requests? Why not any request (GET or POST) that starts
/index.php?pubkey=
? Or does this carry some other meaning in WordPress?In which case, you can do something like the following at the top of your
.htaccess
file:No need for the
<IfModule>
wrapper. No need to repeat theRewriteEngine
directive as that is no doubt set later in the file.To specifically target POST requests then you can add another condition, as you did in your example:
This could happen if the above directive is in the wrong place in the
.htaccess
file and is conflicting with other directives. It needs to be at the very top of the.htaccess
file, before any existing mod_rewrite directives.This is far more general and blocks much more than just the URL stated in your question (possibly too much). These directives block any URL-path that contains
pubkey=
(case-insensitive) anywhere in the query string. So, it will block the following URLs (in addition to the URL stated above):example.com/foo/bar?pubkey=xyz
example.com/foo/bar/baz?abc=1&xyz=2&pubkey=
example.com/foo/bar/baz?def=2&xyz=3&PuBkEy=xyz
These directives can be simplified:
No need to capture the
RewriteRule
pattern or CondPattern. The regexpubkey=
is the same aspubkey=.*
. TheL
flag is not required when theF
flag is used. And as mentioned above, no need to repeat theRewriteEngine
directive or use the<IfModule>
wrapper.