Include/exclude certain files when blocking files with RewriteRule

Question

With help from this answer I'm blocking attempts by bots to hack my web application using this RewriteRule

RewriteRule (?:foo.php|bar.pl|baz.py) - [R=503,L]

However, while I need to block access to foo.php with a 503 I also need access to naked-foo.php which the above code blocks.

Is there any way of specifically excluding a group of URLs from the rule.

Answer 1

The regular expression, I gave, seems to be too broad. It blocks all requests containing foo.php, bar.pl or baz.py. If you want to block exactly /foo.php and so on, you can wrap the pattern with ^...$

RewriteRule ^(?:foo.php|bar.pl|baz.py)$ - [R=503,L]

When the scripts can be in subdirectories, prefix with a slash

RewriteRule /(?:foo.php|bar.pl|baz.py)$ - [R=503,L]

You can also use more than one rule

RewriteRule ^(?:foo.php|bar.pl|baz.py)$ - [R=503,L]
RewriteRule /(?:foo.php|baz.py)$ - [R=503,L]
RewriteRule /bar.pl$ - [R=503,L]

or

RewriteRule ^foo.php$ - [R=503,L]
RewriteRule /foo.php$ - [R=503,L]
RewriteRule /bar.pl$ - [R=503,L]
RewriteRule baz.py - [R=503,L]

and be as specific or as broad, as you need to be.

Answer 2

You may try this:

RewriteEngine On

# Add files to exclude
RewriteCond %{REQUEST_URI} (1.php|2.html|3.txt) [NC]

# Or add file types to exclude (Remove the previous condition if used)
RewriteCond %{REQUEST_URI} \.(php|html|js)     [NC]

RewriteRule  .* - [L]

# Your rule
RewriteRule (?:foo.php|bar.pl|baz.py) - [R=503,L]