I have a program that captures bad page requests and sends an email informing me of the request. Over the years, I have been able to take the majority of those requests and redirect them to a discontinued page. This works great except when the hackers insert entity codes in the url.
For example:
http://www.anydomain.com/%22http://www. ... /page.html
I can stop the http insertion except when %22 or any other entity is used. How do I pattern match for entities?
Here is what I have tried:
RewriteCond %{QUERY_STRING} ^site=http:(.+)?$ [OR]
RewriteCond %{THE_REQUEST} ^\%22http:(.+)$
RewriteRule ^.+$ http://www.theherbsplace.com/discontinued.html? [R=301,L]
The QUERY_STRING rule is for this kind of url:
http://www.anydomain.com/example.php?si ... .199/1.gif?
I appreciate your help in the past.
Thanks,
Randal