Showing posts with label Apache - Make forbidden specific GET request by matching pattern. Show all posts
Showing posts with label Apache - Make forbidden specific GET request by matching pattern. Show all posts

Sunday, June 9, 2019

Apache - Make specific GET request forbidden by matching pattern

If there are certain get requests which you want to make forbidden (403) on your server by matching pattern, you need to write certain rules in .htaccess or apache configuration file.

Here you can add following snippets in your apache configuration file and it will block all the GET requests which will match the pattern.

Suppose an http request is
http://porcupine.com/paymentcontroller.php?id=oculus&name=johnathan
You can block this request either by id or by name or by both. I am blocking by id.
<If "%{QUERY_STRING} =~ /id=oculus/">
  Require all denied
</If>

Reload apache.
Now all the requests contain text 'id=oculus' will be forbidden.