Скрипт для уведомления о плохих запросах отловленных правилом в .htaccess

notify-bad-requests.php

<?php 

// report blocked requests
// @ https://perishablepress.com/detect-attacks-php-htaccess/
// 
// redirect bad requests with htaccess rule
// RewriteRule (.*) /path/to/notify-bad-requests.php?6g_1=%1&6g_2=%2&6g_3=%3 [R=302,L]

$email   = '[email protected]';
$subject = 'Blocked Request Report';

$patterns = array('6g_1', '6g_2', '6g_3');

$matches = '';

foreach ($patterns as $pattern) {
	
	if (isset($_GET[$pattern])) {
		
		$matches .= !empty($_GET[$pattern]) ? htmlentities($_GET[$pattern], ENT_QUOTES, 'UTF-8') : 'n/a';
		$matches .= ', ';
		
	}
}

$matches = trim(trim($matches), ',');

$request_uri  = isset($_SERVER['REQUEST_URI'])     ? urlencode($_SERVER['REQUEST_URI'])  : 'n/a';
$query_string = isset($_SERVER['QUERY_STRING'])    ? urlencode($_SERVER['QUERY_STRING']) : 'n/a';
$ip_address   = isset($_SERVER['REMOTE_ADDR'])     ? htmlentities($_SERVER['REMOTE_ADDR'],     ENT_QUOTES, 'UTF-8') : 'n/a';
$user_agent   = isset($_SERVER['HTTP_USER_AGENT']) ? htmlentities($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8') : 'n/a';

$report  = 'Matches: '      . $matches      ."\n";
$report .= 'Request URI: '  . $request_uri  ."\n";
$report .= 'Query String: ' . $query_string ."\n";
$report .= 'IP Address: '   . $ip_address   ."\n";
$report .= 'User Agent: '   . $user_agent   ."\n";

mail($email, $subject, $report);

die('Invalid Request');

?>

At DOS attack mail() function would be vlocked by virtual host provider. So it's better to collect log into a file and send it if it changed for exapmle once in 5 minutes.

After sending the report, the request is blocked via die()