How to block direct seach requests?

  • Hello Community,
    I’m wondering if it is possible to allow site search only through the searsch widget instead of a direct (URL) call like /search/<seachterm> or /?s=<seachterm>

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    When you search from the search widget, the http request’s referrer should be your site. So, you could try blocking requests without a referrer or with some other site as the referrer.

    See https://codex.www.ads-software.com/Brute_Force_Attacks#Deny_Access_to_No_Referrer_Requests and modify the example to work with ?s and GET instead.

    Thread Starter dune1982

    (@dune1982)

    Hello Steven Stern,
    this is an interesting solution and sounds like it would be perfect.

    I’m not an expert with this so it would be cool if you could give me some more advice.

    So I would add this to my roots htaccess file:

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) https://%{REMOTE_ADDR}/$ [R=301,L]

    – instead of yourdomain.com I would use my domain.
    – what would I use for %{REQUEST_METHOD} as it is not about a post
    – what would I use for %{REQUEST_URI} is there a php file for the search or would I use the URL that is called from the bot here?

    Thanks for your help

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘How to block direct seach requests?’ is closed to new replies.