Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By majenko on
I have clean urls set up and working fine - so don't suggest turning that on.
What I want to do is to completely remove, or deny all access to, any pages accessed through the ?q=... query string. The reason is that the majority of spam registrations come in to http://example.com/?q=user and spam posting attemps go to http://example.com/?q=node/add
Since http://example.com/user and http://example.com/node/add work fine there is no need for me to support ?q=... any more - so how can I get rid of it and stop these spam registrations in their tracks? Or alternatively change the q to something else?
I found instructions on how to change the q to something else, but they are for drupal 5, and I am on drupal 7. Since then the common.inc file that needs editing has got a whole lot more complex, and there are many many references to $_GET['q'] etc.
So a simpler option would be, if possible, to just say "Is this a ?q=...? Yes? Then go away!". Is that possible?
----
Update:
I have added this snippet to the top of my bootstrap.inc:
if (array_key_exists("q", $_GET)) {
header("HTTP/1.1 403 Forbidden");
exit(0);
}
1. Will this cause problems?
2. Is there a better way of doing it?
Comments
.htaccess
I think your solution will work, as clean URL processing was moved into PHP with Drupal 7. But you could consider moving the query string test to .htaccess (or even your webserver's config file) and avoid even running Drupal.
Clever as I am I wouldn't
Clever as I am I wouldn't even begin to know how to do that...
RewriteCond
I was getting hits to ?q=node/add and user/register that I wanted to block. In the root .htaccess file, I added:
Look at this stackoverflow thread, or search for using RewriteCond or RedirectMatch in your htaccess file. You can probably check for any query string but offhand I'm not sure how to do that. This should get you started.