when I use uri path equals /wp-content/uploads
I can access the page by adding / at the end mysite.com/wp-content/uploads/
and if i use uri path equals /wp-content/uploads/
still can access the page mysite.com/wp-content/uploads
is there a way to block both other than adding 2 separate rules
I think the Web browser itself is either adding the trailing slash at the end of URLs, so I do not see a point of blocking it.
And if you block it, why so?
In some cases, the non-trailing slash and trailing slash version don’t redirect to the correct version. This can cause issues with crawling and duplicate content.
I might be wrong to understand the point, but I would recommend you to configure your origin host / server to not show the list of indexes, if worried about that?, either have an empty index.php file inside /uploads/ directory (if not by default).
If using Apache and .htaccesss file, it’s done by adding below line (usually returns the 403 Forbidden error) when someone tries listing the contents of the directory:
Options All -IndexesIf using Nginx an .vhost file:
location /somedir {
autoindex off;
}
It’s about URL rewriting / format.
Helpful articles:
@CroatiaHR
why dont you offload it to cloudflare instead of htaccess ?
why to allow unneeded hits if that page should not be accessed from outside
I use “contains” when I want a broader match. Like CONTAINS: content/uploads
@sdayman
yes. But that will block all sub pages
I only need equals for 2 pages
/wp-includes/
/wp-content/uploads/
Oh, I see.
You won’t need two separate rules. You can do this with an OR in the same rule.
@sdayman
you mean these:
/wp-includes/
/wp-includes
I know I am using 1 rule that includes bunch of pages. But just wanted to not type it twice with and without the / slash
Unfortunately, you’d need a Business or Enterprise plan to use Regex in Firewall Rules.
@sdayman
Could you please direct me to some document to see how to do it with regex
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.