Tighten the config block rules.

Currently the 403 LB block for config is being too greedy. Can we please tighten it up to allow legitimate urls such as these through?

https://wordpress.org/support/users/sconfig/, https://profiles.wordpress.org/sconfig/

Ref: #4776-meta

#prio3

#4776-meta