1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 10:54 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Someone is trying to use CGI scripting to grab page

         

Tat4Life

6:14 am on Jan 26, 2005 (gmt 0)

10+ Year Member



Hi everyone,
Let me say thanks to JD and Keymaster, you guys put me to work this weekend,I felt like we were a bunch of guys around the campfire sipping on some Jack Daniels :-)...I read and search as much as I can from hotlinking solutions to bot banning, the suggestions I applied, not only slowed down the bandwidth/hotlinking hoggers, not stop it completely ,mind you, but throttle it down tremendously none the less. I implemented as much as my novice mind could muster in a weekends time...Thanks.

Now the question, since implementing the above solutions and diligently studying my error logs, I found instances where somebody tried to implement CGI scripting to grab one of my 8 sites (unsuccessfully). <snip> ...But the kicker is my site is a free site! Why would someone need to try and grab my site if its free...who knows.

I would like to ban the IPs as I have a WhoIS software and identified the offending IPs. Problem, I have about 30 IPs and ranges of IPs too. I want to totally ban these folks into the cyber blackhole. I know the IP listing will go. I'm looking for simplicity and not to have my .htaccess so bloated that I need Contents to read it. Will using the "SetEnvIf" be appropriate or the DENY directive? or implementing a scripting solution for automation?

Again, thanks!

[edited by: jdMorgan at 11:16 pm (utc) on Jan. 26, 2005]
[edit reason] Removed specifics [/edit]

jdMorgan

11:15 pm on Jan 26, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Tat4Life,

Welcome to WebmasterWorld!

> Will using the "SetEnvIf" be appropriate or the DENY directive?

Not sure I understand the question here. SetEnvIf is used to set an environment variable depending on the value of a request-based variable, such as the IP address, user-agent, referrer, etc. The Allow and Deny directives can then be used to allow or deny access based on the value of the variable set by SetEnvIf. You can create "Deny from" directives based on the visitors' IP addresses or on environment variables, but not on other request variables. So, if you want to deny access based on anything except IP addresses, you need both. You can also use the SetEnvIf method for IP addresses, but this is optional.

Here's a mixed-use example: 


# Set "ban" variable for unwelcome visitors
SetEnvIf Remote_Addr ^192\.168\.68\.134$ ban
SetEnvIf Remote_Addr ^192\.168\.69\. ban
SetEnvIf User-Agent ^larbin ban
SetEnvIf Referer iaea\.org ban
SetEnvIf Remote_Addr ^192\.168\.157\.1(7[6-9]¦8[0-9]¦9[01])$ ban
#
# Block unwelcome visitors except for custom 403 pages and robots.txt file
SetEnvIf Request_URI "(403[^.]*\.html¦robots\.txt)$" allowit
<Files *>
Order Deny,Allow
Deny from env=ban
Deny from 192.168.0.0/24
Allow from env=allowit
</Files>

A list of 30 IP addresses and ranges isn't tiny, but it's very small compared to some lists I've had on my sites...

Jim

Tat4Life

1:18 am on Jan 27, 2005 (gmt 0)

10+ Year Member



Thanks Jim,
questions answered. Will make the changes.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 10:54 pm May 1, 2026