homepage Welcome to WebmasterWorld Guest from 54.234.60.133
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Banning by User-Agent
macavity




msg:4260339
 1:45 am on Jan 31, 2011 (gmt 0)

I have a number of existing entries in my .htaccess file such as:

<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|bin|spd|theme|module)$">
deny from all
</FilesMatch>

but I now need to ban the use of an automated SQL injection tool which (handily) seems to identify itself in the User-Agent request header. My question is, can I simply add the following to my .htaccess file:

SetEnvIfNoCase User-Agent "Tool name here" bad_bot

<Files *>
Deny from env=bad_bot
</Files>

Does the above syntax look correct? Can I safely add <Files *></Files> to a htaccess file which already contains <FilesMatch></FilesMatch> without confusing things? (I'm guessing yes but want to be sure)

 

mrtonyg




msg:4260542
 1:33 pm on Jan 31, 2011 (gmt 0)

Why not use the user-agent deny with mod_rewrite like so:

RewriteCond %{HTTP_USER_AGENT} goof|Extractor|GrabNet|InterGET [NC]
RewriteRule .* - [F]

macavity




msg:4260553
 1:46 pm on Jan 31, 2011 (gmt 0)

Thanks mrtonyg, although to be honest I don't have the knowledge/experience to know which method is better. Very happy to hear further thoughts/comments!

wilderness




msg:4260560
 2:24 pm on Jan 31, 2011 (gmt 0)

Close to perfect a basic tutorial [webmasterworld.com]

Please note; many of the participants in this very old thread were actually making inquires and using badly formatted syntax.
Most of the UA's were even invalid at the time, forget about using most of them today

jdMorgan




msg:4260965
 3:41 am on Feb 1, 2011 (gmt 0)

Usually the best and fastest approach to finding out if something will work is to test it...

However, the answer to the initially-posted question is "Yes, that SetEnvIfNoCase construct should work."

Jim

macavity




msg:4261076
 10:40 am on Feb 1, 2011 (gmt 0)

Thanks both, appreciate the replies.

PS Jim - could you check your inbox(es) for a couple of mails from me recently? Not sure if they made it through.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved