Using QUERY_STRING to block comment spam

Oct 22, 2007 at 8:15 PM

I'm trying to use the rewrite filter to block repetitive spam hitting a text box on a web page but I'm having problems with the regex.

The queries are always of the form:


so I've tried various attempts at a condition such as

RewriteCond %{QUERY_STRING} ^srch0=nice%20site*


RewriteCond %{QUERY_STRING} ^srch0=nice\x{25}20site*

but nothing's working. I've been studying the logs (v1.2.12c):

Mon Oct 22 19:40:46 2007 - ReplaceServerVariables: InputString='%{QUERY_STRING}' out='srch0=nice%20site'
Mon Oct 22 19:40:46 2007 - GenerateReplacementString: src='/?srch0=nice%20site','(null)' ReplacePattern='srch0=nice%20site' vec=[[ [ 0, 0] [] ] counts=1,0
Mon Oct 22 19:40:46 2007 - GenerateReplacementString: Substring index out of range (%20)
Mon Oct 22 19:40:46 2007 - EvaluateCondition: checking 'srch0=niceite' against pattern '^srch0=nice\x{25}20site*'
Mon Oct 22 19:40:46 2007 - Cond : -1 (No match)

and to me that suggests that the rewriter is changing the input string it gets from the QUERY_STRING before it tries to do a match.

I'm a little lost (regexes are not my day-to-day business) - is the above what's supposed to happen (and if so, what pattern would match against my problem entries), or is the filter applying a replacement on a string that it shouldn't be?