
Please Help! How do I redirect malicious visitors that come from.

I need to redirect them to a particular page on my site...

         

timothius

8:26 am on Jul 19, 2008 (gmt 0)

10+ Year Member



I am needing to redirect visitors that are referred to my site *from a certain domain name*. These visitors have wrong intentions and I need to be able to block them.

So... I setup a page to catch their IP address which I want to redirect them to.

I know how to block those visitors once I get their IP. All I need is the .htaccess code (or whatever I'm supposed to use) to redirect all visitors coming from a certain domain name to a particular page.

THANKS a MILLION! :c)

janharders

8:29 am on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



from memory, something like this should help:

RewriteEngine On
RewriteCond %{HTTP_REFERER} www\.badsite\.tld
RewriteRule ^.? /catchthem/index.php

it rewrites the request so they won't notice a redirect but every request they make to your site will be redirected to /catchthem/index.php

timothius

8:54 am on Jul 19, 2008 (gmt 0)

10+ Year Member



hmmmm - It's not working properly. So this is what I have so far... and it doesn't work. :(

I have wikihow.com as an example of a bad referrer below.

RewriteEngine On
RewriteCond %{HTTP_REFERER} www\.wikihow\.tld
RewriteRule ^.? /error.html

What am I doing wrong?

stapel

3:54 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I could be mistaken, but I believe the ".tld" (in the exemplified coding) means "whatever is the top-level domain", and I believe it should be replaced (in your live coding) with ".com", ".org", ".net", ".tv", etc, as appropriate.

Eliz.

timothius

4:27 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Ok, I fixed the .tld thing but it still doesn't work. This is what I got so far...

RewriteEngine On
RewriteCond %{HTTP_REFERER} www\.wikihow\.com
RewriteRule ^.? /error.html

janharders

4:38 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mh ...

RewriteEngine on
RewriteCond %{HTTP_REFERER} www\.wikihow\.com
RewriteCond %{REQUEST_URI} !^/error.html
RewriteRule ^.? /error.html

works fine for me. You need to have that second line because it'd go into an endless loop otherwise. I forgot that before.

If it's not working, are you sure your browser sends the referer? Do you get some error or is it just showing the requested page? You do have apache as a webserver, right?
You might also try adding
Options +FollowSymLinks +SymLinksIfOwnerMatch
Right before
RewriteEngine On

timothius

5:16 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Well, it's half working now. Anyone that comes from that domain now gets a 403 error (instead of seeing the requested page), but still doesn't get redirected to my domain.com/error.html page, which is sort of the point...

janharders

5:19 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mh. and you can access /error.html without getting a 403?

timothius

5:22 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



I changed

RewriteRule ^.? /error.html
To
RewriteRule .* [domain.com...]

But no, it won't actually open the error.html page because it says it can't find or connect to domain.com... So this isn't exactly working proper.... :cS

janharders

5:27 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



mh, ya, you can also redirect externally, that would do it. you aren't actually using www.domain.com, right? I mean, you're replacing it with your domain.

try changing
RewriteRule .* [domain.com...]
to

RewriteRule .* [domain.com...] [R=307]

timothius

5:38 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Yes, I replaced it with my domain... :)

I added the [R=307] but it still doesn't want to show the error page, but instead gives the 403 error. ?

timothius

5:39 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Whooops - OK, got it fixed now - THANK-YOU A TON for your help guys (especially Janharders!)

timothius

5:43 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Sorry, just a couple more questions:

Will that code work on subdomains? Like if the referrer was subdomain.domain.com?

Also, if I have other RewriteEngine rules in my .htaccess file will they still work, on separate lines further down? (I took the previous rules out for testing) So for instance my ReWriteEngine rules that block and redirect the IP addresses...)

jdMorgan

5:43 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



What was the fix?

Jim

janharders

5:47 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



it will work on subdomains, if you tweak the
RewriteCond %{HTTP_REFERER} www\.wikihow\.com
part. that one would match on *www.wikihow.com* (asterisk = anything)
if you want to add the whole domain, make it
RewriteCond %{HTTP_REFERER} wikihow\.com
that would, of course, also match on awikihow.com, you could avoid that by saying
RewriteCond %{HTTP_REFERER} \.wikihow\.com
and adding a second rule to match [wikihow.com...]
RewriteCond %{HTTP_REFERER} wikihow\.com
put an [OR] between them, so that the whole thing would look like

RewriteEngine on
RewriteCond %{HTTP_REFERER} .wikihow\.com [OR]
RewriteCond %{HTTP_REFERER} wikihow\.com
RewriteCond %{REQUEST_URI} !^/error.html
RewriteRule ^.? /error.html

and yes, it shouldn't interfere with your other rewrite rules, but testing that is never wrong ;)

timothius

5:59 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Ok, so I have my IP blocking rules below this domain blocking rule, and I stuck my IP address to block.

Contrary to what I thought, it won't redirect me to the error page (the site blocking rule), but will instead block my IP from seeing the site in the first place. Is this what is supposed to happen?

So, if I'm confusing you, um sorry. I'm just wondering which rule takes precedence? The one that comes first in the .htaccess file or the second one? Because for me, the second one is the one happening...

jdMorgan

7:08 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



That depends on the "IP blocking" code, and specifically, what Apache module's directives are used to do the IP blocking. If it's mod_rewrite, then the IP blocking code will execute in addition to your referrer-based code -- because your referrer-based rule does not have an [L] flag on it (See Apache mod_rewrite RewriteRule documentation).

If the IP-based code uses mod_access directives (e.g. "Deny from 192.168.0.1"), then it's likely that your server is configured to execute mod_access directives first.

It's critical to understand that directives in your .htaccess file *are not* executed in the order you type them -- You should not view .htaccess code as a sequentially-executed "program." Directives in .htaccess are executed on a per-module basis, as determined by the server configuration. That is, all directives handled by the first module are executed, followed by all directives from the second module, etc. So the order in which you put your code only affects the relative order of execution of directives handled by the same module.

Module execution order on Apache 1.x is determined by the reverse LoadModule order in httpd.conf. It is determined by an internal priority scheme on Apache 2.x.

Jim

timothius

7:25 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Thanks for your reply jdMorgan.

Here is what I got (with specific domains and details substituted)

RewriteEngine on
RewriteCond %{HTTP_REFERER} .wikihow\.com [OR]
RewriteCond %{HTTP_REFERER} wikihow\.com
RewriteRule .* [domain.com...] [R=307]

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} 43\.533\.242\.111 [OR]
...
RewriteCond %{REMOTE_HOST} 34\.756\.323\.656
RewriteRule .* [domain.com...] [R=301,L]

Here is my problem now: The two parts of the code work perfectly fine when they are not present in the .htaccess file at the same time. However, when they are together, I get an infinite loop error from my browser. I'm not sure why...

janharders

7:25 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Adding to what jdMorgan wrote, if I recall correctly, if you have multiple .htaccess, eg one in /var/www/ and another one in /var/www/mydir/, they will be worked through, starting with the one in /var/www/mydir/ and working its way up through the directories.

jdMorgan

7:41 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



True, if RewriteOptions Inherit is set, either in .htaccess or at the server config level.

--

timothius,

Note that only one RewriteEngine on directive is needed per .htaccess file -- at the top. The Options +FollowSymLinks directive should also be at the top, for clarity.

timothius

7:53 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Ok.... um, I took out the 'extra Rewrite Engine On' and I'm still getting the "Redirect Loop" error from my browsers.

Would either one of you know why I'm getting this. The code I'm using is 3 posts up. :)

janharders

7:56 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



you haven't included

RewriteCond %{REQUEST_URI} !^/error.html
so that right now, even the request to that page is redirected and I'm guessing that your browser still provides the original referer, thus running into the loop.

jdMorgan

7:59 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Another reason the IP is blocked is that you are redirecting the client.

The first request gets redirected, then the client comes back with a second request (for the /error page) and gets blocked by IP address. Use a server headers checker such as the "Live HTTP Headers" add-on for Firefox/Mozilla browsers to verify this behaviour.

Note also that a 307 response is not supported by true HTTP/1.0 clients. While these are very rare now --almost non-existent-- you should test for the protocol level before returning any new HTTP/1.1 status responses *if* your site is hosted on anything except a shared name-based virtual server (HTTP/1.0 clients cannot reach purely-name-based servers, because they don't send a "Host" request header). Rather than sniffing the protocol and varying the response code, it would be easier to return a 301 or a 302, supported by HTTP/1.0.

Or to fix both problems, use an internal rewrite as janharders originally suggested, rather than a redirect. (If you do use an internal rewrite, be sure to completely flush your browser cache between tests, to prevent previously-cached responses from confusing your test results.)

Jim

timothius

8:16 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Yeah, I had to keep deleting the cache in FF3, while IE and Safari seemed to pay a little more attention to the .htaccess changes.

So this is the final code that seems to work fine. Not sure if there is anything wrong syntax-wise.

(domain-blocking code that sends the person to an error page that collects their IP address for my information and then uses a meta redirect to send them away to an external site)
RewriteEngine on
RewriteCond %{HTTP_REFERER} .wikihow\.com [OR]
RewriteCond %{HTTP_REFERER} wikihow\.com
RewriteCond %{REQUEST_URI} !^/error.html
RewriteRule .* [domain.com...]

(IP-blocking code that blocks malicious visitors I have already identified and redirects them to a non-existent page on my site which gives them a 403 error. Not too clever, I know...)
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REMOTE_HOST} 44\.44\.44\444 [OR]
...
RewriteCond %{REMOTE_HOST} 33\.33\.333\.333
RewriteRule .* [domain.com...] [R=301,L]

jdMorgan

8:33 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You missed my notes about RewriteEngine on and the [L] flag above, evidently...
The two "wikihow" lines are redundant, since they are un-anchored.
If you use a custom 403 error page, you'll need to exclude it from the second rule.
REMOTE_HOST and REMOTE_ADDR are two different things. Your second rule could fail because of this if rDNS resolves on the IP address.

I'd suggest:


# Enable mod_rewrite
Options +FollowSymlinks
RewriteEngine on
#
# Internally rewrite visitors referred by wikihow to special page
RewriteCond %{HTTP_REFERER} wikihow\.com
RewriteCond %{REQUEST_URI} !^/error.html
RewriteRule .* /error.html [L]
#
# Send 403-Forbidden response to requests from unwelcome IP addresses/ranges
RewriteCond %{REMOTE_ADDR} 44\.44\.44\.44 [OR]
...
RewriteCond %{REMOTE_ADDR} 55\.55\.55\.55 [OR]
RewriteCond %{REMOTE_ADDR} 33\.33\.33\.33
RewriteCond %{REQUEST_URI} !^/path-to-your-custom-403-error-page\.html$
RewriteRule .* - [F]

Jim
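
The point about un-anchored patterns, made in the subdomain reply earlier and in the note above, as an added example that is not part of the original posts: it runs the thread's patterns and anchored alternatives over sample values and lists what only the un-anchored form catches. The anchored patterns and all sample values are constructed for this example, and Python's re module stands in for mod_rewrite's regex engine, which behaves the same for these simple patterns.

```python
import re

# Patterns as posted in the thread: unanchored, so they match anywhere.
THREAD_REFERER = r"wikihow\.com"
THREAD_ADDR = r"44\.44\.44\.44"

# Anchored alternatives (assumptions of this example, not from the thread).
# The referrer pattern pins the match to the URL's host part and accepts
# wikihow.com plus any subdomain; the address pattern must match in full.
ANCHORED_REFERER = r"^https?://([^/?#@]+\.)?wikihow\.com(:[0-9]+)?([/?#]|$)"
ANCHORED_ADDR = r"^44\.44\.44\.44$"

# Constructed sample values, not taken from any real log.
REFERERS = [
    "http://www.wikihow.com/Some-Page",
    "https://wikihow.com",
    "http://awikihow.com/",
    "https://wikihow.com.example.net/",
    "https://search.example.org/?q=wikihow.com",
    "",  # client sent no Referer header
]
ADDRS = ["44.44.44.44", "144.44.44.44", "44.44.44.4"]


def matches(pattern, value):
    """Test a value the way a RewriteCond pattern without flags does:
    case-sensitive, and true if the regex matches anywhere in the value."""
    return re.search(pattern, value) is not None


def overmatches(loose, strict, samples):
    """Return the samples the loose pattern catches but the strict one does not."""
    return [s for s in samples if matches(loose, s) and not matches(strict, s)]


if __name__ == "__main__":
    for label, loose, strict, samples in (
        ("HTTP_REFERER", THREAD_REFERER, ANCHORED_REFERER, REFERERS),
        ("REMOTE_ADDR", THREAD_ADDR, ANCHORED_ADDR, ADDRS),
    ):
        print(label)
        for s in samples:
            print(f"  {s!r:45} thread={matches(loose, s)!s:5} "
                  f"anchored={matches(strict, s)}")
```

An empty Referer matches neither form, so a referrer rule of either kind only ever applies to visitors whose browser sends the header.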

timothius

8:52 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



Well the first part is fine, but the 2nd part doesn't work like the code I posted earlier. Even when I add my IP address to be blocked it won't block and send it to my (fake) IP-blocking page like I want it to, but instead sends me to my domain-blocking page?

I hope I'm expressing myself clearly enough...


# Send 403-Forbidden response to requests from unwelcome IP addresses/ranges
RewriteCond %{REMOTE_ADDR} 44\.44\.44\.44 [OR]
...
RewriteCond %{REMOTE_ADDR} 55\.55\.55\.55 [OR]
RewriteCond %{REMOTE_ADDR} 33\.33\.33\.33
RewriteCond %{REQUEST_URI} !^/fake-error-page\.html$
RewriteRule .* - [F]

jdMorgan

9:38 pm on Jul 19, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sorry, but what is a "domain blocking page" and how and why would your code (normally) rewrite or redirect to it? (There is a good chance that there's a rule elsewhere that is interfering, and it's hard to tell without seeing the code.)

RewriteRules must be designed so that their conditions for invocation are mutually-exclusive. This is done by rule order, use of specific and different RewriteRule and RewriteCond patterns, differing and/or additional RewriteCond variables, and the [L] and [S] flags. If a mod_access directive is being applied first, but you want it applied only after mod_rewrite gets a chance to process the request, then you'll need to re-code that mod_access code using mod_rewrite directives to control the execution order. (Sorry, this stuff isn't always simple)... :(

Also as stated above, be sure you are completely flushing your browser cache before each test.

Jim

timothius

9:57 pm on Jul 19, 2008 (gmt 0)

10+ Year Member



By domain blocking, I mean that I want visitors that come from a *particular* domain to be redirected to a page on my site that I will be able to capture their IP address from. I'm using your recently-suggested code, and it works fine for doing that.

However, the problem is the code regarding how to block particular IP addresses, which is separate from redirecting those that came from a particular domain. (see 2 posts up) How I deal with the unwelcome IPs is I send them to a non-existent page which depending on their browser, will show them a 403 with my root domain in their address bar. The reason I do this, is that I want them to think that my site no longer holds any content. I am not using an actual 403 error page.

So with the code you last gave me, the IPs are getting redirected to my site's IP capture page, not given the non-existent page. Sorry, is that explained good enough?

jdMorgan

12:49 am on Jul 20, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



OK, then modify the last rule, so that rewritten requests for /error.html are not denied:

# Send 403-Forbidden response to requests from unwelcome IP addresses/ranges
RewriteCond %{REMOTE_ADDR} 44\.44\.44\.44 [OR]
...
RewriteCond %{REMOTE_ADDR} 55\.55\.55\.55 [OR]
RewriteCond %{REMOTE_ADDR} 33\.33\.33\.33
RewriteCond %{REQUEST_URI} !^/error\.html$
RewriteCond %{REQUEST_URI} !^/path-to-your-custom-403-error-page\.html$
RewriteRule .* - [F]

BTW, rewriting requests to a non-existent page should result in a 404-Not Found, not a 403-Forbidden response. If you are getting a 403, then there may be something seriously amiss with your server configuration.

Opinions differ, but I recommend not toying around with unwelcome accesses -- To avoid "dangerous" code complications and keep the sites easy to maintain, just send a 403-Forbidden response and be done with it. Give no information on the custom 403 error page other than "Access denied" -- There is no profit in issuing a "challenge" to the bad guys. YMMV.

Jim

timothius

1:17 am on Jul 20, 2008 (gmt 0)

10+ Year Member



Ok sorry, I am going to make this the least complicated I can here, so that you should only have to post one more time - (I REALLY appreciate you helping me like this...)

I want the following things to be happening in my .htaccess file.

1) If visitor arrives at any page of my site from baddomain.com, I want him to be redirected to a *SPECIFIC* page on my site where I can gather his IP address. (The specific page will then whisk him back off to baddomain.com via a meta redirect)

2) If a malicious visitor that has a particular IP address comes to any page on my site, I want him to be redirected to a *DIFFERENT SPECIFIC* page on my site that would be a fake 404 page.

I think that is the clearest I can put it. Sorry, I haven't communicated very well. The code that I've worked out and that you've given me does one, but not both of those things at any time. If I get one working, then the other one won't work... and on it goes.

THANK-YOU!

This 35 message thread spans 2 pages.