1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:15 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

block referrer

         

unclej

6:54 pm on Jul 27, 2015 (gmt 0)

10+ Year Member



I have a site that's getting visits from referrer xxx.example.Net everyone who visits from that referrer is a spammer or is in a country that I have no business with. I need to block anyone visiting from there. What code do I need to add to my htaccess, and where would I add that code? at the beginning, in the middle, at the end?

Here is my current htaccess 
# Always use www in the domain
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([a-z.]+)?example\.com$ [NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .? http://www.%1example.com%{REQUEST_URI} [R=301,L]

# index to home
RewriteCond %{THE_REQUEST} ^.*\/index\.html?
RewriteRule ^(.*)index\.html?$ http://www.example.com/$1 [R=301,L] 

# block some ip
order allow,deny
deny from 198.179.147.
deny from 24.160.154.2
allow from all

# send these to abuse page 
RewriteCond %{REMOTE_ADDR} ^69\.149\.61\.94$ [OR]
RewriteCond %{REMOTE_ADDR} ^72\.89\.24\.140$ [OR]
RewriteCond %{REMOTE_ADDR} ^71\.9\.179\.172$ 
RewriteCond %{REQUEST_URI} !/abuse.php
RewriteRule ^(.*)$ /abuse.php [R,L] 

#block referrer
RewriteEngine on 
RewriteCond %{HTTP_REFERER} semalt\.com [NC] 
RewriteRule .* - [F]

[edited by: Ocean10000 at 7:30 pm (utc) on Jul 27, 2015]
[edit reason] examplified [/edit]

lucy24

8:04 pm on Jul 27, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I do this kind of thing with mod_setenvif in conjunction with mod_authwhatsit, so the same lockout can be shared among multiple sites without having to deal with mod_rewrite's inheritance issues.

:: shuffling papers :: 

SetEnvIf Referer semalt keep_out
...
Deny from env=keep_out
Incidentally, your htaccess seems a bit garbled. Different people have different preferences about what order to put things in; some of it's down to individual coding style. But I'm pretty sure everyone agrees that everything from a single mod-- notably mod_rewrite-- needs to be grouped together. And, in the specific case of mod_rewrite, list rules in order of severity. There's no point in redirecting a request that's going to be blocked anyway.

Oh, and if you've got any quasi-error pages like "abuse.php" make sure there's a preliminary rule that says 
RewriteRule abuse\.php - [L]
to prevent infinite loops. Add your 403 document to the same rule. This goes before any RewriteRules with [F] flag.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:15 pm May 1, 2026