What's wrong with this rewrite rule-set?

Forum Moderators: phranque

Message Too Old, No Replies

What's wrong with this rewrite rule-set?

It is blocking HEAD & favicon.ico requests that are supposed to be allowed

Wizcrafts

4:58 pm on May 28, 2006 (gmt 0)

I have created the following rewrite rule-set to block bots that have both a blank referer and user agent, with an allowance for HEAD and favicon.ico. It is blocking HEAD and favicon requests that are supposed to be allowed. What am I doing wrong?

RewriteCond %{REQUEST_METHOD} !^HEAD$ [OR]
RewriteCond %{REQUEST_URI} !^/favicon\.ico$
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteCond %{HTTP_REFERER} ^$
RewriteRule .* - [F]

Proof of failure:
cache-dtc-af05.proxy.aol.com - - [26/May/2006:17:29:19 -0500] "HEAD /images/imagename.jpg HTTP/1.1" 403 0 "-" "-"

abc.def.ghi.xyz - - [28/May/2006:07:08:05 -0500] "GET /favicon.ico HTTP/1.1" 403 101 "-" "-"

(above filename and IP obscured on purpose)

All normal requests come through ok and other undesirable GETs with a blank referer and UA are blocked as desired.
Thanks in advance.

jdMorgan

5:45 pm on May 28, 2006 (gmt 0)

Remove the [OR] from the first RewriteCond.

I use


# BLOCK blank referer -AND- UA (except for HEAD
# requests and favicons
RewriteCond %{REQUEST_METHOD}!^HEAD$
RewriteCond %{HTTP_REFERER}<>%{HTTP_USER_AGENT} ^<>$
RewriteRule !\.ico$ - [F]

Jim

[edited by: jdMorgan at 5:48 pm (utc) on May 28, 2006]

Wizcrafts

5:48 pm on May 28, 2006 (gmt 0)

Doh! Thank Jim.