Well, you could start by reading any half-dozen random posts, either here or in the SSID (Search Engine Spiders) subforum :) How To Block Unwanted Visitors is a perennial favorite topic.

I prefer to use mod_setenvif for the simpler lockouts, saving mod_rewrite for the really complicated ones. You said htaccess, so you won't be able to use mod_security.

What are you doing so far?

So far I am just banning all datacenters IP ranges as the spam comes in. The problem here is I keep reading all these different .htaccess methods on how to do it and keep relaying all the info and methods to other server admin and they keep telling me it will not work because it is apache 2.2

Which raises another question. Why don't bloggers and writers specify what version their code is for? Trust me I read a lot about it, and I read quite a bit here, but I just keep getting told it is not going to work. And I read on .htaccess tutorial websites, but even they are not specifying which version their code is for.

and keep relaying all the info and methods to other server admin and they keep telling me it will not work because it is apache 2.2

Pure nonsense! Get a new administrator and/or host.

Basically, the same methods have worked in all versions of Apache for some 15-years.

Pure nonsense! Get a new administrator and/or host.

Basically, the same methods have worked in all versions of Apache for some 15-years.

man, I have been thinking the same thing, that they are just being slackers and jerkin my chain.

so this is some code that user Lucy posted elsewhere in here a while ago:

RewriteCond %{HTTP_REFERER} (kambasoft|semalt|whatever) [NC]
RewriteRule .* - [F]

are you telling me that this method will work right now?

I also have found this method for actual URLs

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule .* - [F]

this would work as well?

are you telling me that this method will work right now?

this would work as well?

There's only one way to find out!

they keep telling me it will not work because it is apache 2.2

Apache 2.4 did add some new goodies involving <If> envelopes, but anything that worked in 2.2 should continue to work in 2.4

RewriteCond %{HTTP_REFERER} (kambasoft|semalt|whatever) [NC]
RewriteRule .* - [F]

are you telling me that this method will work right now?

Haha, now you are ignoring your own rule because you don't spell out which Apache version is meant by "right now" ;)

afaik, there are no significant changes to mod_rewrite between 2.2 and 2.4 except that I think 2.4 allows CIDR ranges in Conditions. (I can now not remember where I read this. phranque?)

The one drawback to using mod_rewrite is that it isn't inherited. So if you have a single .htaccess covering multiple domains, it may be easier to use mod_setenvif:

SetEnvIf Referer kambasoft keep_out

followed later by the single mod_authzwhatsit line

Deny from env=keep_out

I also have found this method for actual URLs

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} semalt\.com [NC]
RewriteRule .* - [F]

That's the same rule again. Not sure what you meant by "actual URLs".

The

RewriteEngine on

directive comes only once, at the beginning of the mod_rewrite section of your htaccess.

The

Options +FollowSymlinks

directive does no harm so long as you remember the + sign -- but if your host allows htaccess, this option has already been set in the config file, so there's rarely a need to repeat it.

There's only one way to find out!

Careful there wilderness :) Sometimes when a rule doesn't work it just fails quietly ... but other times it throws a 500-class error. We would prefer not to see these on our real sites, which is why I have a test site for when-in-doubt experiments.

thanks for all this. I am starting to catch on and have gotten this and some extra stuff to work since.