Remove special characters in a URL

http://www.example.com/ar/shop-listing/health-beauty~@/#$&&&%%$%3Cscript%3E/

In this particular URL, everything after the # (hash) is the fragment identifier and is not sent to the server by the browser, so cannot be blocked server-side in .htaccess.

The server only sees:

/ar/shop-listing/health-beauty~@/

If the # was to be removed from this URL then this would be a wholly invalid URL (because of the improperly encoded % chars) and the server will respond with a “400 Bad Request”.

Aside: Not sure why WordPress would still resolve this URL to the “correct” URL? This is technically a different URL.

Rather than blocking special characters, it’s probably much easier to allow a whitelist of characters in the URL-path. Most URL-paths will only consist of lowercase a-z, - (hyphen) and / (slash – path separator), so we could simply block the request if any other character is present in the URL-path. This could be implemented using the following mod_rewrite directive at the top of your .htaccess file, before the existing WordPress directives:

RewriteRule [^a-z/-] - [R=404]

If the URL-path contains any characters other than those mentioned then it will trigger a 404.

Note that this only checks the URL-path, not the query string part of the URL.

Related Posts:

  1. How to rename the WordPress wp-login.php running on IIS6?
  2. Masking wp-content/themes/name/images to just images directory using htaccess
  3. Passing parameters to a custom page template using clean urls
  4. How to add custom rewrite rule to .htaccess?
  5. Use subdomain for certain urls
  6. Clash of the rewrites
  7. How do I remove a word from a url in WordPress using .htaccess?
  8. Hijacking the URL for filtering
  9. Rewrite rules in .htaccess get overwritten?
  10. Custom rewrite rules are sending everything to index.php
  11. custom htaccess rewrite rule for page
  12. Dynamic URL, not a physical page within the database
  13. unexpected problem in url rewrite
  14. How to change “wp-admin” to something else without search-replacing the core?
  15. Redirecting all old links from previous EE site to new WP site in one go?
  16. Prevent WordPress from automatically correcting URLs
  17. Two “.htaccess” Files Located in Different Directories?
  18. WordPress redirection to get url friendly
  19. Rewrite WordPress Custom URL
  20. External/non-WP rewrite rule without QSA
  21. Issue with using .htaccess to redirect feedburner feed
  22. Custom rewrite rule
  23. Add query string to url and display it as normal url part /folder/
  24. Alias ‘wp-content’ directory to something shorter (framework?)
  25. WordPress .htaccess – route other URLs to another app
  26. hard flush_rewrite_rules() not regenerating .htaccess
  27. Rewrite rule to load images from production does nothing
  28. Cleanup URL for a custom page in wordpress
  29. WordPress rewrite rules don’t need ^?
  30. WordPress SSL (https) is not working with custom permalink
  31. Changing RSS feed URL structure
  32. add_rewrite_rule fro html to another url not working
  33. Adding rewrite rules directly to .htaccess file
  34. NextGEN Gallery Lightbox – Social Share URL Redirect
  35. WordPress .htaccess blocks mine?
  36. Preserve Domain Alias
  37. My WP_options db rewrite_rules Does Not Work
  38. Disable Pagination on Pages
  39. Rewrite Preview URL to include index.php
  40. WordPress Redirecting Non Category Pages /page/nnn to their Canonical URLs
  41. .htaccess rewrite
  42. How can I dynamically generate an image with a static image URL?
  43. Change htaccess to redirect to index.php in subfolder
  44. How to remove wordpress directory slash
  45. Cannot access wp-admin without trailing slash – .htaccess configuration for WordPress behind a nginx proxy
  46. Changed pagination URLS to use p= instead of paged=
  47. Wildcard forward all posts and pages with few exceptions
  48. “View post” leads to odd URL
  49. React Router with WordPress
  50. joomla to wordpress migration and 404 errors issues [closed]
  51. Replace specific middle part of url
  52. Map secondary domain to other’s virtual subfolder
  53. Rewriting a subdomain page on one WordPress installation to a parent domain on another
  54. Customise particular RSS permalink
  55. htaccess rewrite, adding segment to url
  56. RSS feed rewrite matching wrong rule
  57. Rewrite vs Redirect from ?p={ID}
  58. Having WordPress control only certain pages with .htaccess?
  59. ow to change cutsom page url of wordpress site using htaccess
  60. Help with a custom rewrite
  61. How can i ensure that SQL statements are not displayed if an enduser types the wrong variable name in the URL
  62. Redirect htaccess [closed]
  63. Rewrite specific action url
  64. force www rewrite if wordpress put in a folder
  65. 301 Rewriting htaccess
  66. WordPress .htaccess ignore path and subsequent .htaccess files in subfolders
  67. How to customize sub-URLs in a wordpress website (.htaccess)
  68. Proper way to set up rewrite with Wp
  69. How do I make WordPress revise an .htaccess file a certain way?
  70. Rewrite rule that wp-login.php?action=register is left alone
  71. Exclude subfolder in WordPress permalink
  72. WordPress is adding “category” word before my actual category name in url (and this is unsolicited)
  73. Rewrite htacess rule doesn’t work
  74. WordPress pagination broken for page 2,3 with custom permalink. Redirects to baseurl
  75. Translatepress taxonomy and custom post type root FIX
  76. WordPress URL redirect and replace ? question mark
  77. Help with .htaccess setup to hide WordPress Directory
  78. Multiple permalink with and without category for same post
  79. Custom Params in URL
  80. Fresh install redirects to www, breaking page loads
  81. Rewrite Url using .htaccess or hook
  82. Is it possible to rewrite a page URL from ID to name from an API?
  83. Moved WordPress to Subdirectory, still hijacking requests to files outside of its directory
  84. Url wordpress rewrite
  85. Add ReWrite from Old Pages to WordPress (remove .php)
  86. ModRewrite not working properly
  87. Fully mask *all* traces of WordPress installation subdirectory?
  88. .htaccess RewriteRule to include post type and taxonomy
  89. Redirect A URL Pattern In WordPress Using .htaccess
  90. URL rewrite results in a 404, but everything should work!
  91. Rewrite Question
  92. Migration from old CMS to WordPress 301 redirection rules?
  93. Stop wordpress to redirecting home page if no page found
  94. Additional .htaccess rules based on wp page
  95. Changes done to .htaccess are not getting reverted back
  96. WordPress total posts per page changed and now 404 Http error comes out [closed]
  97. Can’t get pretty permalinks to work without index.php
  98. how to rewrite folder name in url to another name
  99. Add rewrite endpoint and .htaccess
  100. WP-Include rewrite directory