Skip to main content

Strange encoded requests in logs

Comments

3 comments

  • cPanelMichael
    Hello @hostvision, I've seen a similar report from another administrator that added a ModSecurity rule like the one below in WHM >> ModSecurity Tools >> Rules List >> Add Rule to block direct requests matching strings like that: SecRule REQUEST_URI "\?s=%.*" "id:1001,deny"
    If you're already using existing ModSecurity rules, then you'd need to change "1001" with an unused ID number. Keep in-mind this is an untested rule, so you may want to run it by a system administrator or use a plugin such as
    0
  • hostvision
    Hi Michael, Thank you for the code, we use it and get rid of extra load generated by the crawler bots.
    0
  • cPanelMichael
    Hello @hostvision, I'm glad to see it helped. Thanks for sharing the outcome.
    0

Please sign in to leave a comment.