I have a blog on my site and am using htaccess rewrite rules to block all those nasty scripts from trying to execute various things mostly relating to phpmyadmin and wordpress. This has reduced my httpd error logs to less than half from before.

Am trying to come up with a rule to rewrite all calls to certain files if they are not originating from my domain, here is how it looks right now but it's not working as I can see scripts trying to hit "wp-comments-post.php" getting a 500 Internal Server Error.

RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteCond %{REQUEST_POST} .*wp-comments-post.php [OR]
RewriteCond %{REQUEST_POST} .*wp-app.php/service
RewriteRule .* - [F]

Any help with this will be greatly appreciated.

Hi,

Two things, where are you enabling your rewrite engine (RewriteEngine On)? and where is the termination of the RewriteRules ([L]). Didn't look at the regex but those two things popped up. Also isn't it better to include them in your virtualhost declarations instead of in htaccess?

Kind regards,

Eric

Hi, thanks for you reply, the RewriteEngine is enabled before this particular rewrite condition and rule, as I have other rewrites before and after this one, but this particular one is the that seems not to be working. I dont have virtualhost setup/enabled.