e.net.log:99.99.999.999 - - [13/May/2010:19:19:27 -0700] "POST / ?4834 HTTP/1.1" 503 2199 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" e.net.log:99.99.999.999 - - [13/May/2010:19:19:27 -0700] "POST / ?4987 HTTP/1.1" 503 2199 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" e.net.log:99.99.999.999 - - [13/May/2010:19:19:26 -0700] "POST / ?4886 HTTP/1.1" 503 2199 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" e.net.log:99.99.999.999 - - [13/May/2010:19:19:27 -0700] "POST / ?5036 HTTP/1.1" 503 2199 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" e.net.log:99.99.999.999 - - [13/May/2010:19:19:27 -0700] "POST / ?4935 HTTP/1.1" 200 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" e.net.log:99.99.999.999 - - [13/May/2010:19:19:27 -0700] "POST / ?5549 HTTP/1.1" 200 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" e.net.log:99.99.999.999 - - [13/May/2010:19:19:27 -0700] "POST / ?5190 HTTP/1.1" 200 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" that's example logs. As you can see this will produce a bad header request and ther is no url "/?5190" So it's a POST to a nonexistent URL. I'd like to make an htaccess directive to deny these as there are thousands that hit my server. I'm terrible with regex. I'd like some assistance if possible.
Try this: <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^?[0-9]{4}$ [NC] RewriteRule .* - [F,L] </ifModule>
Yeah I finally got it about 20 minutes after posting this but thanks for posting. Hopefully it will help the next guy. I actually used this: RewriteCond %{QUERY_STRING} ^([0-9]+)$ RewriteRule .* - [F] That will do any number of digits.