.htaccess RedirectMatch with Partial Not Match?

Question

I am managing a few WordPress installations and I'm tired of the error logs being full of 404 errors caused by bad bots that are constantly checking for style.css files in directories of known-hackable/exploitable themes, for example :

www.example.com/wp-content/themes/thestation/style.css

www.example.com/wp-content/themes/wootube/style.css

www.example.com/wp-content/themes/vibrantcms/style.css

There are a lot of different themes that the bad bots are searching for, so rather than write a rule for each one individually it would make more sense to have a redirectmatch that matches every instance of style.css so long as it's NOT in the directory of the actual theme I'm using.

For example if I'm using the theme in the directory /twentyten/ then the RedirectMatch should catch every attempt to access any style.css file in any directory other than the /twentyten/ directory.

Answer 1

AFAIK, you can't do this with RedirectMatch, but if you want to enable mod_rewrite, then are you trying to do something like the following:

<Directory .../wp-content/themes/>
    RewriteCond $1 !=twentyten
    RewriteRule ^(.*?)/style.css  badBotProbe/style.css [L]
    ...
</Directory>

(or some other flag such as [R=403]). The problem is whatever you do, the logs record the request parameter which will have these random styles, so you'd still need to do an intelligent filter.

You could remove these probes from the error logs by this rule to redirect the query to the prober instead:

    RewriteRule ^(.*?)/style.css  http://{%REMOTE_ADDR}/tryyourself.css [R=301]

but is this really what you want to do just to remove a 404 entry?

PS. the above assumes you have access to the root config. The same solution with a tweak works in the appropriate .htaccess

Answer 2

AFAIK there's no way to do this in Apache.

Can you set your own 404 page?

You can put redirection there.