homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Banning by User-Agent

 1:45 am on Jan 31, 2011 (gmt 0)

I have a number of existing entries in my .htaccess file such as:

<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|bin|spd|theme|module)$">
deny from all

but I now need to ban the use of an automated SQL injection tool which (handily) seems to identify itself in the User-Agent request header. My question is, can I simply add the following to my .htaccess file:

SetEnvIfNoCase User-Agent "Tool name here" bad_bot

<Files *>
Deny from env=bad_bot

Does the above syntax look correct? Can I safely add <Files *></Files> to a htaccess file which already contains <FilesMatch></FilesMatch> without confusing things? (I'm guessing yes but want to be sure)



 1:33 pm on Jan 31, 2011 (gmt 0)

Why not use the user-agent deny with mod_rewrite like so:

RewriteCond %{HTTP_USER_AGENT} goof|Extractor|GrabNet|InterGET [NC]
RewriteRule .* - [F]


 1:46 pm on Jan 31, 2011 (gmt 0)

Thanks mrtonyg, although to be honest I don't have the knowledge/experience to know which method is better. Very happy to hear further thoughts/comments!


 2:24 pm on Jan 31, 2011 (gmt 0)

Close to perfect a basic tutorial [webmasterworld.com]

Please note; many of the participants in this very old thread were actually making inquires and using badly formatted syntax.
Most of the UA's were even invalid at the time, forget about using most of them today


 3:41 am on Feb 1, 2011 (gmt 0)

Usually the best and fastest approach to finding out if something will work is to test it...

However, the answer to the initially-posted question is "Yes, that SetEnvIfNoCase construct should work."



 10:40 am on Feb 1, 2011 (gmt 0)

Thanks both, appreciate the replies.

PS Jim - could you check your inbox(es) for a couple of mails from me recently? Not sure if they made it through.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved