Override htacces rule only for specific directory

I have a WordPress site with ithemes security installed plugin. I want to disable this rule:

RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]

only for this wp-content/uploads/xmls directory.

Relevant (summarised) section of .htaccess file:

# Begin HackRepair.com Blacklist
RewriteEngine on
# Abuse Agent Blocking
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
:
: etc.
:
RewriteCond %{HTTP_USER_AGENT} YisouSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ZyBorg
RewriteRule ^.* - [F,L]
# Abuse bot blocking rule end

Topic apache mod-rewrite htaccess Wordpress

Category Web

1
answered at

To effectively disable that condition for that one URL-path, you will need to add another rule immediately before the rule in question. ie. before the # Abuse Agent Blocking comment.

For example:

# Allow an empty User-Agent for requests that start "/wp-content/uploads/xmls"
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^wp-content/uploads/xmls - [S=1]

# Abuse Agent Blocking
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
: etc.

The first rule skips the following rule if the requested URL-path starts /wp-content/uploads/xmls and the User-Agent header is empty. So, it effectively bypasses the rule that would otherwise block it.

This does assume that the request maps to a physical file in that directory. ie. Not a request that would otherwise be rewritten to the WordPress front-controller (index.php).

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.