短篇小说:黑客添加了一百万个带有奇怪扩展名(例如.drf)的页面
现在,我想通过htaccess发出410标头。到目前为止,这是我目前没有的工作:
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !\.dfr$
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteRule ^.*\.dfr$ - [R=410]
# Not sure if I really need this, but whatever
ErrorDocument 404 default
有了这个,我仍然会得到wordpress 404页面,所以很明显缺少/错误
更新:
我尝试过了。结果相同(wordpress 404)。还有一些缓存规则,来自一个流行的插件,但没有放在其中
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
ErrorDocument 404 default
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule \.dfr$ - [NC,G,L]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
答案 0 :(得分:1)
在RewriteBase行下方添加此规则:
RewriteRule \.dfr$ - [NC,G,L]
您还可以使用标志[NC,F]返回更合适的403(禁止使用)。