Tonymaestri Posted October 2, 2005 Posted October 2, 2005 Is there a way to prevent users from accessing our site when coming from a specified referrer? Can we do this by using the IP Deny Manager, entering the referrer's URL? Thanks Quote
TCH-Andy Posted October 2, 2005 Posted October 2, 2005 Hi, I don't think you can do it in cpanel. If you edit your .htaccess though and add >rewriteEngine on rewriteCond %{HTTP_REFERER} referrerdomain\.com rewriteRule .* - [F] It should work. Quote
Tonymaestri Posted October 2, 2005 Author Posted October 2, 2005 Hi, I don't think you can do it in cpanel. If you edit your .htaccess though and add >rewriteEngine on rewriteCond %{HTTP_REFERER} referrerdomain\.com rewriteRule .* - [F] It should work. It doesn't. We copied the code in our .htaccess and replaced "referrerdomain\.com" with the url we want to exclude... did we do something wrong? Quote
TweezerMan Posted October 2, 2005 Posted October 2, 2005 Without seeing what you actually put in your .htaccess file, it's hard to say whether there's anything wrong or not. .htaccess files, and mod_rewrite directives in particular, can be finicky about even one character mis-typed. I am cuirous - how do you know so quickly that it is not working? We copied the code in our .htaccess and replaced "referrerdomain\.com" with the url we want to exclude... I don't know if you literally meant you put the entire URL in the .htaccess file, but in this case, you want to enter just the domain name from the referer URL you want to exclude, with the periods (dot characters) in the domain name escaped with a '\' ('\.'). What TCH-Andy suggested should have worked. I would recommend a variant of what TCH-Andy posted: >RewriteEngine On RewriteCond %{HTTP_REFERER} referrerdomain\.com [NC] RewriteRule .* - [F] Using 'r' instead of 'R' on the Rewrite directive names shouldn't matter. On the RewriteCond directive, the trailing '[NC]' indicates "No Case", meaning that the comparison to the referer is a case-insensitive one. (It will catch 'ReferrerDomain.com' as well as 'referrerdomain.com', for example.) If you need to block more than one referer domain, each RewriteRule directive except the last one must also contain the [OR] flag, so the referer will be blocked if it matches any one of the RewriteCond directives, rather than having to match all of them at the same time (the default behavior): >RewriteEngine On RewriteCond %{HTTP_REFERER} referrerdomain\.com [NC,OR] RewriteCond %{HTTP_REFERER} referrerdomain2\.com [NC] RewriteRule .* - [F] Another method to block access by referer, using different .htaccess directives: >SetEnvIfNoCase Referer referrerdomain\.com bad_referer Order deny,allow Deny from env=bad_referer Again, you'd replace 'referrerdomain\.com' with the domain name from the referer URL you want to block (and escape the dots in the domain name - '\.'). If you need to block additional domain names by referer, you can insert more SetEnvIfNoCase lines before the 'Order' directive as necessary. Hope this helps... Quote
Tonymaestri Posted October 2, 2005 Author Posted October 2, 2005 Hi David! This is Black Cat using husband's pc Well, the problem is, a guy in a forum using my son's pics and offending me with several bad words. He linked us, and we don't want his users to read our domain pages. They are located on http://www.forumfree.net, in one of their hundreds forums. I put both these lines in my .htaccess: >SetEnvIfNoCase Referer forumfree\.net bad_referer Order deny,allow Deny from env=bad_referer ... But clicking on the link on their pages still opens mine. This is how we found so quickly it did not work... Anyway, l don't know if this is something similar to "referrer spam", 'cause l don't care to find their url in my referrer, what l want is their link not to work at all, for the abovementioned reasons Quote
TweezerMan Posted October 2, 2005 Posted October 2, 2005 Your computer may be displaying a locally cached version of your web site, which could make it appear that the .htaccess directives aren't working. You might try clearing your browser's cache, then clicking that link again to see if the .htaccess blocking is really not working. If you'd be willing to PM me a link on their site that contains a link to yours, I can check your .htaccess blocking from my PC also. Quote
Tonymaestri Posted October 3, 2005 Author Posted October 3, 2005 Your computer may be displaying a locally cached version of your web site, which could make it appear that the .htaccess directives aren't working. You might try clearing your browser's cache, then clicking that link again to see if the .htaccess blocking is really not working. If you'd be willing to PM me a link on their site that contains a link to yours, I can check your .htaccess blocking from my PC also. You have a PM with the link. Thanks. Quote
TweezerMan Posted October 3, 2005 Posted October 3, 2005 BlackCat and I have exchanged a few PMs on this already. The problem was code like this that was already in the .htaccess file: ><Limit GET POST> order allow,deny allow from all </Limit> Since a web page request will typically be a 'GET' request, the web server will obey the above directives (as they are in a more specific context) and ignore the ones that you added to the .htaccess file (which were not in a specific context). With this configuration, the web server will not enforce any 'deny from' directives elsewhere in the .htaccess file - it will grant access to everyone based on the 'allow from all' directive. I suggested to BlackCat that she change the above directives to the following: ><Limit GET POST> order deny,allow </Limit> ...and remove the 'order' directive from the code I suggested to block referers from the site in question: >SetEnvIfNoCase Referer referrerdomain\.com bad_referer Deny from env=bad_referer BlackCat informed me that links from that site are now being properly blocked. Quote
TCH-Thomas Posted October 3, 2005 Posted October 3, 2005 Well done David. I´m glad it got solved for you Black Cat. Quote
Blackcat Posted October 5, 2005 Posted October 5, 2005 (edited) Well, my htaccess has been PERFECT!!! For 36 hours only. Suddenly this morning, without any further modification, all domain pages were forbidden Guys at ticket desk told me to discuss it on Forums, so here I am again I don't have anything to hide, so I will copy my htaccess down here: ># -FrontPage- IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti* <Limit GET POST> #The next line modified by DenyIP order allow,deny </Limit> SetEnvIfNoCase Referer forumfree\.net bad_referer Deny from env=bad_referer <Limit PUT DELETE> order deny,allow deny from all </Limit> AuthName www.bloggy.biz AuthUserFile /home/username/public_html/_vti_pvt/service.pwd AuthGroupFile /home/username/public_html/_vti_pvt/service.grp <Files 403.shtml> order allow,deny allow from all </Files> deny from 195.43.182. deny from 80.181.123.178 Redirect temp /rolli http://www.rolliblog.net php_flag session.use_trans_sid off deny from 38.113.204.59 deny from 69.50.173.244 deny from 216.195.34.151 deny from 216.150.91.66 deny from 66.93.178.141 deny from 207.44.248.42 deny from 66.196.101.85 deny from 212.171.164.143 deny from 216.148.212.182 deny from 81.75.64.155 deny from 213.189.170.232 deny from 80.28.221.176 deny from 81.208.36.86 deny from 81.208.60.205 deny from 65.75.139.90 deny from 65.75.190.110 deny from 66.197.185.117 deny from 198.163.144.20 deny from 81.188.4.4 deny from 63.252.191.105 deny from 213.91.217. deny from 213.91.216. deny from 67.19.91.50 AddType application/x-httpd-php .html .php .htm deny from 168.143.118. deny from 68.125.27. deny from 208.53.138. deny from 66.144.5. deny from 64.141.68. deny from 64.19.80. deny from 66.144.4. deny from 148.244.150. deny from 66.221.193. deny from 69.50.64. deny from 195.225.244. deny from 69.13.185. deny from 64.241.49. deny from 217.6.171. deny from 80.65.102. deny from 217.172.65. deny from 204.60.65. deny from 68.142.142. deny from 172.137.47. deny from 207.44.192. deny from 213.156.63.50 deny from 195.24.72. deny from 61.19.243. deny from 81.115.88.122 deny from 80.180.52.111 deny from 217.26.151.55 deny from 161.58.59.8 deny from 64.234.220.141 deny from 213.146.149.137 deny from 130.94.135. deny from 219.150.118.16 deny from 82.49.29.251 deny from 82.54.237.137 deny from 80.180.2.64 deny from 69.50.166.2 deny from 62.123.121.53 deny from 62.123.118.7 deny from 82.57.50.168 deny from 82.55.114.228 deny from 192.114.144.14 deny from 212.150.75.18 deny from 195.97.106.206 deny from 200.122.140.35 deny from 82.3.32.73 deny from 85.18.136.87 deny from 85.195.119.22 RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://barchettedicarta.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://barchettedicarta.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://blackcat.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://blackcat.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://blackcat.it/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://blackcat.it$ [NC] RewriteCond %{HTTP_REFERER} !^http://bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://calzinospaiato.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://calzinospaiato.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://calzinospaiato.splinder.it/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://calzinospaiato.splinder.it$ [NC] RewriteCond %{HTTP_REFERER} !^http://comgas.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://comgas.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://comgas.clarence.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://comgas.clarence.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://edit.splinder.com/myblog/view_comments/20148/2872854/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://edit.splinder.com/myblog/view_comments/20148/2872854$ [NC] RewriteCond %{HTTP_REFERER} !^http://edit.splinder.com/myblog/view_comments/20148/3913882/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://edit.splinder.com/myblog/view_comments/20148/3913882$ [NC] RewriteCond %{HTTP_REFERER} !^http://englishblackcat.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://englishblackcat.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://forum.clarence.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://forum.clarence.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://gattosphere.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://gattosphere.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://highlanderdj.altervista.org/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://highlanderdj.altervista.org$ [NC] RewriteCond %{HTTP_REFERER} !^http://ipsedixit.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://ipsedixit.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://megattera.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://megattera.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://megattera.splinder.it/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://megattera.splinder.it$ [NC] RewriteCond %{HTTP_REFERER} !^http://mrcale.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://mrcale.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://placidasignora.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://placidasignora.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://polpette.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://polpette.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://prova.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://prova.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://sock-it.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://sock-it.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://tony.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://tony.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://vocablogario.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://vocablogario.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blackcat.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blackcat.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blackcat.it/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.blackcat.it$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.calzinospaiato.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.calzinospaiato.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.comgas.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.comgas.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.englishblackcat.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.englishblackcat.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.gattosphere.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.gattosphere.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.ipsedixit.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.ipsedixit.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.megattera.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.megattera.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mrcale.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.mrcale.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.oracamminiamoeretti.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.oracamminiamoeretti.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.placidasignora.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.placidasignora.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.polpette.splinder.com/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.polpette.splinder.com$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.prova.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.prova.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.rolliblog.net/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.rolliblog.net$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.sock-it.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.sock-it.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.splinder.com/myblog/view_comments/20148/3913882/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.splinder.com/myblog/view_comments/20148/3913882$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.tony.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.tony.bloggy.biz$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.vocablogario.bloggy.biz/.*$ [NC] RewriteCond %{HTTP_REFERER} !^http://www.vocablogario.bloggy.biz$ [NC] RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC] deny from 82.96.100.100 deny from 68.193.246.249 Any idea? Now all my "doors" are open, I had to completely delete htaccess to grant my users access to Forum and Blogs... Edited October 5, 2005 by TCH-Thomas Quote
TweezerMan Posted October 5, 2005 Posted October 5, 2005 I suggested to BlackCat that she change the above directives to the following: ><Limit GET POST> order deny,allow </Limit> ><Limit GET POST> #The next line modified by DenyIP order allow,deny </Limit> The Order directive has somehow become the reverse of what I suggested. With 'Order allow,deny' in place, server access is denied by default unless there is a matching allow directive. There are no 'allow' directives in your .htaccess file, so everyone is denied access to the web server. You should be able to restore your server access by replacing the Order directive with "order deny,allow". This configures the server to allow access by default, unless there is a matching deny directive. Quote
Blackcat Posted October 5, 2005 Posted October 5, 2005 The Order directive has somehow become the reverse of what I suggested. With 'Order allow,deny' in place, server access is denied by default unless there is a matching allow directive. There are no 'allow' directives in your .htaccess file, so everyone is denied access to the web server. You should be able to restore your server access by replacing the Order directive with "order deny,allow". This configures the server to allow access by default, unless there is a matching deny directive. May it happen that something changed when adding an ip address from IpDeny Manager? Everything returned ok... now l'll keep a copy of the working htaccess and replace it when something go wrong Thankyouthankyouthankyou David! Quote
TweezerMan Posted October 5, 2005 Posted October 5, 2005 May it happen that something changed when adding an ip address from IpDeny Manager? The IP Deny Manager is probably indeed what changed that line when you added a new IP address. You could manually add IP addresses you want to ban to your .htaccess file - all you need to do is add a new 'deny from xx.xxx.xx.xxx' line for each IP address you want to ban. Quote
abinidi Posted October 5, 2005 Posted October 5, 2005 I think that these two lines may be showing your user ID. If that is the case, a moderator should probably edit them to protect the user ID: AuthUserFile /home/<username>/public_html/_vti_pvt/service.pwdAuthGroupFile /home/<username>/public_html/_vti_pvt/service.grp Quote
TCH-Thomas Posted October 5, 2005 Posted October 5, 2005 To Black Cat: I have edited out what Paul noticed. Quote
Blackcat Posted October 6, 2005 Posted October 6, 2005 I think that these two lines may be showing your user ID. If that is the case, a moderator should probably edit them to protect the user ID: Thank you, I did not notice that... and thanks to Thomas too Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.