Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

How to block invalid URL with query param contains extension(.alfa OR .php) on dispatcher

Avatar

Level 4

Valid URL
/content/govt/en/us/doctor/doctor-detail.html?doctorId=ss222-001


Invalid URL going to AEM publisher.
/content/govt/en/us/doctor/doctor-detail.html?doctorId=ss222-001/ALFA_DATA/alfacgiapi/perl.alfa
/content/govt/en/us/doctor/doctor-detail.html?doctorId=ss222-001/wp-plain.php

 

How to block invalid URL with query param contains extension(.alfa OR .php) on dispatcher ? Invalid URL need to redirect to error page.

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi,

You can remove those query param using apache rewrite rule

 

Example

RewriteEngine On
RewriteCond %{QUERY_STRING} ^doctorId=.*(.alfa|.php)$
RewriteCond %{REQUEST_URI} /doctor/doctor-detail\.html$
RewriteRule (.*) $0?

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

Hi,

You can remove those query param using apache rewrite rule

 

Example

RewriteEngine On
RewriteCond %{QUERY_STRING} ^doctorId=.*(.alfa|.php)$
RewriteCond %{REQUEST_URI} /doctor/doctor-detail\.html$
RewriteRule (.*) $0?

Avatar

Level 4

Thanks @arunpatidar for your response. Multiple requests are coming from unknown ip(hacker). So We need to block the request and redirect to error page. Can we achieve it using filter section? 

Avatar

Community Advisor

I think, for that you have to use the DDoS protection.

 

But of you think, the query parameters are not required at backend, you can simply remove the query parameter from request propagation(example is above) so that cached page can be served.