chriscasemart

joined 1 year ago
 

I'm using a self-hosted installation of PHPList to manage a newsletter.

Subscribers can be added via a POST to this URL:

https://www.[WEBSITE]/lists/?p=subscribe

It's presently overrun by bots.

I added this to .htaccess to block this URL

RewriteEngine On

RewriteCond %{QUERY_STRING} ^p=subscribe$ [NC]

RewriteRule ^ - [F]

Now, if you visit the subscription page above it will give a 403 error.

But, you can still add subscribers by using a POST to this URL.

How can I actually block folks from using this URL to subscribe?