It would be great, if a rule could have exceptions.
here is an example -- but it would apply to other urls as well:
I see a lot of hacking attempts in the log like "this.php" or "that.php" or "some.php?somestring=...."
Typically, I as the admin, only run anything with *.PHP directly when I run update.php, so "update.php" should be the only valid .php URL that is ever run on the site
Right now, the only way to handle these entries in the log, is to create one new rule each for
this.php
that.php
some.php?
etc...
Because, if I write the rules as %.php, it would exclude update.php as well.
so you end up with a ton of rules!
But instead, really what I want to do is to have it ban all *.php requests, EXCEPT that one: update.php
so, I could create a general rule like that:
ban: .php
but I need to exclude update.php
I see two ways to do this:
- an exception could be added into any given rule,
- or, just like we have a whitelist for IP addresses, you could have whitelist for safe special paths, like "update.php" etc
That way, I could collapse many, many rules into just one.
Closed: works as designed
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.