.htaccess how to block website & website using subdirs? - Apache Web Server forum at WebmasterWorld - WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

.htaccess how to block website & website using subdirs?

how to block a domain and one using subdirectories

bondjamesbond

1:29 pm on Jul 18, 2004 (gmt 0)

10+ Year Member

Hi

I am currently having problems blocking a website. I am using the excellent bad-bot script that uses the setenvif commands to give the big [F] to these nasty bots. I have been experimenting with including a line to block a domain but this doesn't work.

I have tried adding this line:
SetEnvIf Referer ^http://(www\.)?blockeddomain\.com getout

But when you click through to my site from the blocked domain it is still allowed and the forbidden page is not displayed.

I also wondered is there a way of blocking a website that resides at a subdirectory? For example you have these sites where people can sign up to free webspace and they are given [/www.somebigsite.com/mywebspace/...] (not sure if you can mention the name here - but the one I am thinking of was bought by Yahoo and begins with g ;))

I tried SetEnvIf Referer ^http://(www\.)?blockeddomain\.com/mywebspace/ getout

but this didn't work either. Consequently I can't ban by IP address as since it is a subdirectory it doesnt have one - or does it?

Can anyone help? Cheers!

jdMorgan

3:40 pm on Jul 18, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Your code looks correct, although I usually see the tested string in quotes, like this:


SetEnvIf Referer "^http://(www\.)?blockeddomain\.com" getout

I doubt that's the problem though. The most likely reason is that your test requests are not going to your server, because the page is already cached in your machine. If the request is returned from your local cache and not from your server, then your code on your server can have no effect on the request. So... Always flush your browser cache (clear temporary internet files in IE) after each change to your code and before each test request. You can configure your browser to not use cache, but remember to turn it back on once you're done testing!

In other words, your code probably works.

Jim

bondjamesbond

3:56 pm on Jul 18, 2004 (gmt 0)

10+ Year Member

Thanks for the quick reply!

<edit>Ah ha I found the problem - the firewall was removing referer information, so although the code was working, when I was testing, it didn't look like it was working.

Any idea how this can be applied to the subdirectory? As I have tried it on a url, but when you try to block a site based at subdir level (as described in #1) it doesn't work...</edit>

jdMorgan

4:12 pm on Jul 18, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

The code you have posted is fine. Look elsewhere. You may have a problem with the order, allow, deny, or satisfy directives, or the container that you have put them in, such as <Files *>.

A referrer is a referrer, so there is no fundamental difference between a domain-level referer and a subdirectory-level referer. As far as your server is concerned, they are just strings to be matched.

Jim

wilderness

9:26 pm on Jul 18, 2004 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

bond
Have you tried making the set slightly simplier?
EX:
If the referrer has "red" in the domain name?

SetEnvIfNoCase Referer red getout
or
SetEnvIf Referer red getout

You may also use ^ "beginnings" and $ "Ends"

these methods will work with the main domain, sub-domain or anything else the referrer regulary includes in the referring lines.

Some caution should be kept in mind with the use of this words as I'm sure you have no desire to exclude innocent visitors.

bondjamesbond

11:00 am on Jul 19, 2004 (gmt 0)

10+ Year Member

I will give that a shot wilderness, many thanks.