- Issue created by @berdir
We're currently seeing a large amount of requests against /node/X?_format=hal_json on multiple sites. This due to the old security issue around that, they are probing for vulnerable sites, not sure why that's still ongoing and there are hundreds of requests per date from a range if IP's, but it would be interesting if we could match regular expressions not just on the path but also the query string.
This might not be trivial, because current rules might expect the string to end the path, and and having them configured with $ at the end might no longer work if that now includes query string. so, maybe control it with a setting whether or not to consider the query string.
It of course would also not work with standard path based matching.
Active
3.0
Code