To prevent access from suspicious sources using an.htaccessfile, you can utilize several techniques. This post will show you how to employ a few methods to protect your web site by using Apache htaccess.
How to protect from suspicious sources by using Apache htaccess
Block IP Addresses:
The Apache htaccess file is a hidden file that is stored in the directory for which it is intended to control access. You can block specific IP addresses or a range of IP addresses using the following code in your.htaccessfile:
Order deny,allow
Deny from 192.168.1.10
Deny from 192.168.1.0/24Replace the IP addresses with the ones you want to block. You can specify individual IP addresses or use CIDR notation for a range of addresses.
Block IP Ranges:
If you want to block an entire IP range, you can use the following code:
Order deny,allow
Deny from 192.168.0.0/16This example blocks all IP addresses starting with192.168.
Block by Hostname:
If you want to block access based on the hostname, you can add the following code into Apache htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} example\.com [NC]
RewriteRule .* - [F]Replace example.com with the hostname you want to block.
Block Bad User Agents:
You can block specific user agents (browsers, bots, etc.) using the following code:
SetEnvIfNoCase User-Agent "UserAgentName" bad_user
Deny from env=bad_userReplace "UserAgentName" with the name or part of the name of the user agent you want to block.
Here are some known suspicious bad user agents integrated into Apache htaccess using RewriteCond %{HTTP_USER_AGENT}
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} "PleaseCrawl" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "^BlackWidow" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "SearchmetricsBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "SeznamBot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Snoopy" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Sogou" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "URI\:\:Fetch" [NC,OR]
RewriteRule ^.* - [F,L]Furthermore well-known abuse agents for htaccess you can find here.
Collected bad user agents and bad bots find at Hackrepair’s Pastebin.
Redirect Suspicious Requests:
If you prefer to redirect suspicious requests instead of blocking them, you can use the following code:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^203\.0\.113\.24$
RewriteRule ^(.*)$ http://example.com/suspicious [R=301,L]This example redirects any request from the IP address 123.45.67.89 to http://example.com/suspicious
Block access to files:
If you want to block access based on files you can use this code:
<files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</files>This example prevent access to wordpres XML-RPC.
Filter Suspicious Query Strings:
If you want to prevent access based on filter you can use this code in Apache htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
RewriteCond %{QUERY_STRING} !^loggedout=true
RewriteCond %{QUERY_STRING} !^action=jetpack-sso
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
RewriteRule ^.* - [F]
</IfModule>Remember to test these rules carefully and ensure they don’t accidentally block legitimate traffic. Additionally, make sure you have a backup of your.htaccessfile before making any changes.
