I want to block all access to the post/tag/example-here pages on a WordPress site, but the following does not work. The .htaccess access file is being parsed. It is at the root of the site (ie the public_html) on a regular cPanel account. I’ve tried with and without the leading slash. I don’t understand why it wouldn’t be working.
RewriteCond %{REQUEST_URI} ^post/tag/
RewriteRule .* - [F]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
RewriteCond %{REQUEST_URI} ^post/tag/
RewriteRule .* - [F]
The REQUEST_URI server var does start with a slash (it is a full root-relative URL-path), although you do say you have tried this “with and without the leading slash”, so this should have worked if that is what you are referring to and /post is the first path-segment in the URL-path.
However, you don’t need the additional RewriteCond directive here as the URL check can (and should) be performed in the RewriteRule directive instead. For example:
RewriteRule ^post/tag/ - [F]
In this case, there is no slash prefix on the RewriteRule pattern.
If that is still failing then try matching against THE_REQUEST instead, which contains the first line of the request headers and is not modified by other rewrites (unlike REQUEST_URI and the URL-path matched by the RewriteRule directive).
For example:
RewriteCond %{THE_REQUEST} ^[A-Z]{3,7}s/post/tag/
RewriteRule ^ - [F]
THE_REQUEST would contain a string of the form:
GET /post/tag/example-here HTTP/1.1
Still not working… then make sure you don’t have a custom 403 ErrorDocument that is routing the request through WordPress. If you have not defined anything yourself, then this could still be defined in the server config (by your host), which you can reset to the Apache default with the following in .htaccess:
ErrorDocument 403 default
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0