htaccess rewrite_rule causes loop; wordpress internal server error

A few days ago our website got attacked by several identified referer websites. the errorlog gets filled with around 1Gb failed requests daily and lots of internal sevrer errors in the wordpress installation.

to avoid this I wrote the following htaccess rewrite rules to stop trafic from specific referers.
So far they helped, the page improved it’s availability.
But still though the error log is now filled with:
[Sat Sep 22 13:14:29 2012] [error] [client 188.32.141.123] Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace., referer: http://www.aztecmebel.ru/index.php?productID=1883&picture_id=3919
I assume the rewrite rule [F] causes the loop by sending the referer to a failure page which again gets rewrote…
Any idea how to stop ths? e.g. if rule has been applied once, don’t do it anymore? I want to avoid that th eerrorlog gets further filled… and that unneccesary loops eat up CPU…

Options +FollowSymLinks
RewriteEngine On
RewriteBase /

RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]

RewriteCond %{HTTP_REFERER} aztecmebel.ru [NC,OR]
RewriteCond %{HTTP_REFERER} www.aztecmebel.ru [NC,OR]
RewriteCond %{HTTP_REFERER} thanglongflc.edu.vn [NC,OR]
RewriteCond %{HTTP_REFERER} www.thanglongflc.edu.vn [NC,OR]
RewriteCond %{HTTP_REFERER} gornji-rahic.net [NC,OR]
RewriteCond %{HTTP_REFERER} www.gornji-rahic.net [NC,OR]
RewriteCond %{HTTP_REFERER} ams.co.th [NC,OR]
RewriteCond %{HTTP_REFERER} www.ams.co.th [NC,OR]
RewriteCond %{HTTP_REFERER} yuanzhixing.com [NC,OR]
RewriteCond %{HTTP_REFERER} www.yuanzhixing.com [NC,OR]
RewriteCond %{HTTP_REFERER} forumdownload.net [NC,OR]
RewriteCond %{HTTP_REFERER} www.forumdownload.net [NC,OR]
RewriteCond %{HTTP_REFERER} ybcz.cn [NC,OR]
RewriteCond %{HTTP_REFERER} www.ybcz.cn
RewriteRule .* - [F]

Related posts

Leave a Reply

1 comment

  1. I assume the rewrite rule [F] causes the loop by sending the referer to a failure page which again gets rewrote… Any idea how to stop ths?

    It’s possible that’s what’s causing it, especially if you have a custom error document. The reason why the looping is happening is because you are checking the redirect status as 200, but the F flag makes the status 403. Try changing the first rule to match against a 403 instead:

    RewriteCond %{ENV:REDIRECT_STATUS} 403
    RewriteRule .* - [L]