LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-16-2011, 08:57 AM   #1
samnjugu
Member
 
Registered: Apr 2006
Location: Atlanta
Distribution: Centos, knoppix, Fedora, Mepis, Zenwalk, Mint
Posts: 142

Rep: Reputation: 16
securing wordpress with htaccess


I have a blog on my site and am using htaccess rewrite rules to block all those nasty scripts from trying to execute various things mostly relating to phpmyadmin and wordpress. This has reduced my httpd error logs to less than half from before.

Am trying to come up with a rule to rewrite all calls to certain files if they are not originating from my domain, here is how it looks right now but it's not working as I can see scripts trying to hit "wp-comments-post.php" getting a 500 Internal Server Error.

RewriteCond %{HTTP_REFERER} !^http://www.mydomain.com/.*$ [NC]
RewriteCond %{REQUEST_POST} .*wp-comments-post.php [OR]
RewriteCond %{REQUEST_POST} .*wp-app.php/service
RewriteRule .* - [F]

Any help with this will be greatly appreciated.
 
Old 05-16-2011, 09:41 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hi,

Two things, where are you enabling your rewrite engine (RewriteEngine On)? and where is the termination of the RewriteRules ([L]). Didn't look at the regex but those two things popped up. Also isn't it better to include them in your virtualhost declarations instead of in htaccess?

Kind regards,

Eric
 
Old 05-24-2011, 01:47 PM   #3
samnjugu
Member
 
Registered: Apr 2006
Location: Atlanta
Distribution: Centos, knoppix, Fedora, Mepis, Zenwalk, Mint
Posts: 142

Original Poster
Rep: Reputation: 16
Hi, thanks for you reply, the RewriteEngine is enabled before this particular rewrite condition and rule, as I have other rewrites before and after this one, but this particular one is the that seems not to be working. I dont have virtualhost setup/enabled.
 
  


Reply

Tags
htaccess, wordpress


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
wordpress aarsh Linux - Newbie 5 01-03-2011 09:20 AM
wordpress on nginx sandeepthug Linux - Software 1 07-23-2010 11:54 AM
Wordpress and .htaccess? gnosis_linux Linux - Software 1 04-03-2010 01:26 PM
LXer: The new WordPress LXer Syndicated Linux News 0 04-09-2008 02:10 AM
New to Wordpress subaruwrx General 0 10-31-2007 12:22 PM


All times are GMT -5. The time now is 05:19 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration