Need a little help here, Please

J4T

Just4Tricks,

Welcome to WebmasterWorld [webmasterworld.com]!

Things tend to be quieter back here than "up front" in places like the Google forum. It might take 24-48 hours to get an authoritative answer.

In the comments of your code, it mentions "modified by DenyIP" twice. What is DenyIp? If you modify those lines, will "DenyIP" come back and change them again?

Basically, I see some problems, but if this is a script that is going to come back and re-write your existing code, then no fix I might post is going to work.

The answer to your basic question is easy, but the above is a major concern, because from what I have experienced, only ONE Order statement can appear in an .htaccess file, and the one you have is opposite what is needed to fix your problem, AND if we fix it, it might get overwritten by this mysterious DenyIP.

Therefore, the question is bigger than it appears.

Jim

...If you modify those lines, will "DenyIP" come back and change them again? - jdMorgan

LOL

Ok I just checked it again. I had to remove some IP blocking.

It is now

# -FrontPage-

IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

order deny,allow
deny from all
allow from all

order deny,allow
deny from all

AuthName www.example.com
AuthUserFile /home/example1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/example1/public_html/_vti_pvt/service.grp

order allow,deny
allow from all

Ok to the above where do I put the code to deny access from a particular website?

Thanks
J4T

The code that I am asking where to put in the above htaccess file is this;

SetEnvIf Referer ^http://.*\badsite\.com ban
<Files *>
order deny,allow
deny from env=ban
</Files>

Thanks

J4T

J4T,

I cannot answer your question unless you answer mine. Please re-read msg#3 above, and also pay particular attention to my note about "only one Order statement".

Jim

J4T,

Your edited code will not work because you have more than one Order, as explained by Jim, however it is possible to use more than one Order provided that they are put inside different <Limit> directives.

Your edited code could also wreck FrontPage extensions, if you use them and mod_rewrite will not work with FP extensions.

SetEnvIf Referer ^http://.*\badsite\.com ban

The Referer you have will not match badsite.com
Regular expressions are allowed in SetEnvIf and \b is a regular expression for word boundary. It will match anything that is not an alpha-numeric character. Domains must have alpha-numeric characters at the start.

For example it will match the following
www.#adsite.com
www. adsite.com

Use the following
SetEnvIf Referer ^http://(www\.)?badsite\.com ban

<Files *>
order deny,allow
deny from env=ban
</Files>

* will not work in your example because it is a regular expression that matches any number of preceeding characters.
eg t* will match t or ttttt or tttttttttttttttt

Regular expressions should be used in <FilesMatch> directive. You don't need to use <Files> or <FilesMatch> directives to stop badsite.com from hotlinking.

==========================================

The following should work without wrecking FrontPage extensions

# -FrontPage-

IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

SetEnvIfNoCase Referer ^http://(www\.)?badsite\.com ban

# Put banned IPs in <Limit GET POST> below deny from env-ban
# eg. deny from 123.45.67.89

<Limit GET POST>
order allow,deny
allow from all
deny from env=ban
</Limit>

<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

AuthName www.example.com
AuthUserFile /home/example1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/example1/public_html/_vti_pvt/service.grp