Mod Rewrite

[boxturt]

I have been working on this for days, and I'm sure you've seen several posts from me related to mod rewrite and trying to block sites. I have been reading and reading and trying and trying and I'm just not getting it. I actually dumped my entire .htaccess file (backed up of course) and put only the following in it:

 

>RewriteEngine on
#I tried with and without RewriteBase /
RewriteBase /  
RewriteCond %{HTTP_REFERER} (somesite\.com) [NC]
RewriteRule .* bad-referer.php [L]
#or RewriteRule .* - [F]

 

I linked from somesite.com and it doesn't work. I don't get it, what'd I miss?

Edited February 26, 2006 by boxturt

[TCH-JimE]

Hello,

 

Try this:

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://(www\.)?somesite.com*$ [NC]
RewriteRule (.*) /bad_referer.php [R,NC,L]

 

(The R is needed for a redirect)

 

Jimuni

Edited February 26, 2006 by Jimuni

[boxturt]

Looks frightening but I'll give it a go a little later. I've got to teach a few students today, yup, even on Sunday.

 

Thanks, I'll report back

[boxturt]

Thanks Jim but unfortunately it didn't work. I changed 'somesite', and 'bad_referer' to match my needs and put it in htaccess and no go. Then I backed up that one and started fresh and put the code in a fresh htaccess. It's the only thing in the file and it doesn't work.

 

Soooooooo confused. BTW, this all started because I noticed I was starting to get hits from sites I had previously blocked, which is odd in itself.

[TCH-Dick]

Ty, this is all you need

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} somesite\.com [NC]
RewriteRule .* bad-referer.php [L]

[boxturt]

Still no luck, and it is the only thing in the file.

 

I should probably mention that I've tried it on a couple differnt sites,

on different servers, with the same results.

Edited February 26, 2006 by boxturt

[TCH-JimE]

Hello,

 

Another version, although all the logic for these htaccesses assumes though that the domain name this website is using is the one doing the fetching (e.g. its not a frame link or something)

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?deals.*$ [NC]
RewriteRule .* - [F,L]

 

Just try replacing "deals" with the middle part of the domain name, don't piut a domain ending and leave the rewrite as is.

 

Jim

[boxturt]

No luck. I've tried all of the suggestions I can find, tried implementing them on 4 different sites across 3 servers. That has me convinced that it's me but I'm pretty sure I'm doing them all correctly:

 

>RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(http://)?(www\.)?boxturt.*$ [NC]
RewriteRule .* - [F,L]

 

This is starting to stress me ouuuuuuuuut!!

 

Ah well, I'm still trying

[click]

Is this the only .htaccess file on the site? Make sure it isn't being overridden by another .htaccess in a subdirectory or something.

[boxturt]

Nope, nothing lurking about to override.

Permissions set to 644(?)

 

I originally tried this on a large site, on a different server, with an already large htaccess file and it didn't work. I thought hm, strange, let's go test it from a smaller site with a really small htaccess just to test. Didn't work there either. Then I eliminated everything in the file except for the snippet(s) that won't work.

[boxturt]

I found the problem! And I'm none too happy about it.

 

Thank you Norton, you piece of ............ um family forum Ty, be nice. Ahem

 

Norton Internet Security 2006 apparently doesn't send headers or something wierd - I don't know what-all except that when I turned it off temporarily all the blocks and domain-based redirects worked perfectly.

 

Ok, I searched a bit and found that NIS does NOT send referer headers by default.

 

Grr, this has some nasty implications then doesn't it?

[TCH-Bruce]

Thank you Norton, you piece of ............

 

I'll second that!

 

First thing I remove when I purchase a new computer that comes with it.

 

Anyway, glad you sorted it out.

[TweezerMan]

I have Norton Internet Security 2005. The setting that control whether referers are sent or not is under "Norton Internet Security", "Privacy Control". Click the 'Configure' button, then the 'Custom Level' button. The 'Enable Browser Privacy' checkbox will turn referers off and on when it is checked or unchecked.

 

Also, you can click the 'Advanced' button and referer sending can be configured on a global basis as well as per domain (the "Information about visited sites" box)

[boxturt]

Thanks for that David, and thanks to everyone else who responded.

 

This is far from the first issue I've had with NIS and probably not the last. If it weren't for TCH - Andy helping me a while back on the problem of NIS injecting code into pages I wouldn't have thought to look there at all.

 

So I'm guessing there is no way to block a domain if there are no headers sent?

 

I have another related issue / question but I think I'll start a new topic

[TCH-JimE]

Hello Boxturt

 

Norton Personnelly can't stand it and like TCH-Bruce, first thing that was deleted. I now use the CD as a rather good coffee coster.

 

Could be very difficult to block a domain if no headers are sent. It might also explain why you are now getting hits from the old domain name that you had blocked.

 

Nice going though!