hakre
msg:1502885 | 11:09 am on Jul 20, 2003 (gmt 0) |
this command will allow everyone access to the site, if the remote address (the adress of the user) matches the ip-address of mysite.com. maybe you want to password protect your site instead? -hakre
|
Brutus
msg:1502886 | 11:29 am on Jul 20, 2003 (gmt 0) |
Thanks for the reply Hakre The .htaccess file I have uploaded to the directory contains only the script posted, nothing more. When I try to access from my own site, or a site I wish to deny I get: Forbidden
You don't have permission to access /xxxx/xxxxp/xxxx/xxxx.html on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. When I replace it with a blank .htaccess file everything works again. I do not wish to password protect my site, I would however like to redirect anyone entering my site by anything other than the index.html page to be redirected to that page. As before, I am completely new to this and am having great difficulty with the tutorials. Any hepl/advice is greatly appreciated. Brutus --------------------------------------------------------------------------------
|
hakre
msg:1502887 | 11:41 am on Jul 20, 2003 (gmt 0) |
hi brutus, then you're looking forward a referrer check. the limit won't help you for this, it's host based, you can check against the user's ip adress in this case only. for this mod_rewrite [httpd.apache.org] seems to be recommended, forget about the 4,5 lines you have in there, just take a look onto this:
# Block foreign refferers
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://www.yoursite/.*$ [NC]
RewriteRule .*\$ - [F]
-hakre
|
Brutus
msg:1502888 | 12:22 pm on Jul 20, 2003 (gmt 0) |
Thanks again for the reply Hakre Looks like i am really out of my depth here! Tried your suggestion....Internal server error Nothing else in the file but # Block foreign refferers
RewriteEngine on
RewriteCond %{HTTP_REFERER}!^$
RewriteCond %{HTTP_REFERER}!^http://www.yoursite/.*$ [NC]
RewriteRule .*\$ - [F] I have taken a look at the mod_rewrite. Surely it must be easier to become a rocket scientist!
|
netcommr
msg:1502889 | 12:46 pm on Jul 20, 2003 (gmt 0) |
try this. <Limit GET>
Order Allow,Deny
Allow from mysite.com
</Limit> Allow,Deny
The Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server. |
|
|
Brutus
msg:1502890 | 1:02 pm on Jul 20, 2003 (gmt 0) |
Last suggestion denies everyone, just like the original I had. At least no server error this time, but I still can`t access that folder from my own site.
|
Brutus
msg:1502891 | 4:43 pm on Jul 20, 2003 (gmt 0) |
Brutus here again. A thought occured to me, maybe mod_rewrite is not available to me. I am checking with my ISP to find out. If it is not available is there another way to make the redirections I require?
|
tschild
msg:1502892 | 4:53 pm on Jul 20, 2003 (gmt 0) |
| A thought occured to me, maybe mod_rewrite is not available to me. |
|
You can exlude this reason for 500s by wrapping your mod_rewrite lines in an IfModule directive: <IfModule mod_rewrite.c>
lines associated with mod_rewrite go here
</IfModule>
|
jdMorgan
msg:1502893 | 5:00 pm on Jul 20, 2003 (gmt 0) |
Brutus, Posting on this forum modifies code sometimes - In this case, Hakre's code was missing some critical spaces ahead of the "!" characters. With a few other minor tweaks, try this. # Block foreign referrers
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.yoursite/ [NC]
RewriteRule .* - [F] Also, his point about the meaning of "allow from mysite.com" appears to have been missed; Using that directive will allow only your server to access your site. You want to allow anyone to access your site as long as they are referred by pages on your site. That is a different thing, and the distinction is in variable tested, HTTP_REFERER vs. REMOTE_ADDRESS. If the mod_rewrite solution still doesn't work w/the changes above, let us know. Jim
|
jdMorgan
msg:1502894 | 5:08 pm on Jul 20, 2003 (gmt 0) |
Brutus, Here's how you can test HTTP_REFERER using a modified version of your original code. SetEnvIf Referer "^http://www\.mysite\.com" allowit
SetEnvIf Referer "^$" allowit
<Limit GET>
Order Deny,Allow
Deny from all
Allow from allowit
</Limit> Jim
|
Brutus
msg:1502895 | 5:19 pm on Jul 20, 2003 (gmt 0) |
Hi Jim Bingo, it works like a dream. I would really like to thank all you guys who chipped in here, its nice to know that there are still some good guys out there. Again many, many thanks.
|
arielmeadow
msg:1502896 | 3:11 pm on Jul 29, 2003 (gmt 0) |
I'm looking to do something similar, but something I haven't seen addressed on webmaster world: I'm trying to use my HTACCESS file to redirect all users coming from a specific referring website. Most of the information I've found relates to preventing bandwidth theft via hotlinked images, but I'm having trouble converting that code to simply redirect users coming from the offending site to an informational page. I'm thinking it should be something like this <Limit GET POST>
Order Allow,Deny
Deny from [offensivesite.com...]
Allow from all
</Limit> ErrorDocument 403 [mysite.com...] This code doesn't seem to be working in the way I'm envisioning.
|
Friday
msg:1502897 | 1:20 pm on Aug 26, 2003 (gmt 0) |
FWIW: This seems* to work for me on a Linux(slackware)/Apache setup: <Limit GET>
order deny,allow
deny from 00.00.00.0
</Limit> As does thiss: <Limit GET POST>
order allow,deny
allow from all
deny from 00.00.00.0
</Limit> (with or without whitespace after the IP)
* When I add my own IP address to the directive, all I get is a blank page. When I remove it, the page loads.
|
jdMorgan
msg:1502898 | 3:02 pm on Aug 26, 2003 (gmt 0) |
Putting an IP address in a Deny from directive denies access by the machine at that IP address; it does not deny access by visitors referred by a link on a page served by the machine at that IP address. The confusion is between the "REMOTE_ADDRESS" and "HTTP_REFERER" variables. Deny from [httpd.apache.org] tests the "REMOTE_ADDRESS" variable by default. To test the "HTTP_REFERER" variable, you can use SetEnvIf [httpd.apache.org]:
SetEnvIfNoCase Referer "^http://www\.offensivesite\.com" DeniedRef
<Limit GET>
Order Allow,Deny
Allow from all
Deny from DeniedRef
</Limit>
Jim
|
Friday
msg:1502899 | 3:22 pm on Aug 26, 2003 (gmt 0) |
Thanks jdmorgan.
That's good to know.
Gonna' save it to my "Misc." directory.
;)
|
|
