Many automated bots and malicious crawlers roam the web looking for exposed files: database dumps (.sql
), Git repositories (.git/
), server logs, and other development artifacts. These aren't just harmless scans: if such files are accidentally present on your server, they can become major attack vectors, leaking sensitive data or codebase information.
Even if your infrastructure is clean, the flood of such requests pollutes your logs, slows down your reporting tools, and generates unnecessary load on your servers.
With redirection.io, you can quickly create a rule that instantly blocks access to these high-risk URL patterns, returning a 404 Not Found
status code, thus sending a clear message: "This ressource does not exist".
What does this redirection.io recipe do?
This recipe creates a "protective barrier" around your website by identifying suspicious requests and blocking them before they even reach your origin infrastructure. Typical targets include:
/db.sql
/.git/
/backup.tar.gz
/phpinfo.php
index.php.old
- and many others!
When a request matches one of these patterns, redirection.io returns a 404 Not Found
response to block access. The request is not logged, which helps reduce noise in your analytics and monitoring tools, and there is nothing to let the robot detect that a protection is in place..
Why should you use this recipe?
This is not just about performance — it’s about basic security hygiene. For websites hosted on traditional servers, headless stacks, CMS platforms, or static site generators, blocking known exploit attempts is a no-regret move. The recipe is particularly useful for:
- agencies managing multiple client environments who want to add a default security layer ;
- marketing or SEO managers tired of seeing garbage requests in their analytics tools ;
- IT teams seeking to reduce illegitimate traffic before it hits the origin backen servers.
It requires no changes on your server, no configuration of WAFs or firewalls. It just works.
If your website does not run WordPress, you might also want to install this complementary recipe: block WordPress URLs.
How to install this recipe on my website with redirection.io?
Installing this recipe on your website requires the following steps:
How to install this recipe?
-
Click on "Install on My Website": This will create redirection.io rules in "draft" mode that block known dangerous file patterns (like
.sql
,/.git/
,.env
, etc.) by returning a404 Not Found
status code. -
Review and publish the rules: Once satisfied, publish the rules to immediately activate the protection across your website.
You don't need to configure anything manually — the patterns are predefined to cover the most common exploit attempts.
Important: Please review the full list of rules created by this recipe before publishing. While the patterns are chosen to be safe, every website is different — make sure none of them interfere with legitimate files or routes on your infrastructure.