I have a slightly tricky question. I have a subdomain dedicated solely to handling form mail. The only real legit access anyone is going to have to this subdomain is via links from our main domain. I will only ever have a very limited list of valid URLs that can be requested and I want to make sure that anyone who is trying anything hinky (mostly spambots) get punished.
I have only three static pages, a simple index page that any one who makes a mistake will get to (also the root of the subdomain), a static Tech support form and a robots.txt. I also have 2 scripts. Form.pl which simply serves the form to the browser, formmail.pl which handles sending the mail. I'm also waffling between a poison script (to punish spammers) and simply sending a 403 (forbidden) or 410 (gone).
The following bit (in my .htaccess which is where I'm allowed to do this) and it works fine for what it does:
- Code: Select all
RewriteRule ^mailbox/([0-9]+)/?$ /form.pl?mailbox=$1 [NC,L]
RewriteRule ^mailbox/([0-9]+)/send/?$ /formmail.pl?recipient=$1 [NC,L]
RewriteRule ^$ /index.html [L]
The problem occurs when I want to send everything that is not one of these (or robots.txt) to my poison script. I've tried a whack of variations and this is my latest failed attempt:
- Code: Select all
RewriteCond %{REQUEST_FILENAME} !^$
RewriteCond %{REQUEST_FILENAME} !^robots\.txt$ [NC]
RewriteCond %{REQUEST_FILENAME} !^mailbox/([0-9]+)/?$ [NC]
RewriteCond %{REQUEST_FILENAME} !^mailbox/([0-9]+)/send/?$ [NC]
RewriteRule .* /poison.pl [L]
Regardless of where I put it, I 500 errors which seems to suggest that there is an infinite loop happening somewhere.
Any thoughts?
A
[/code]