1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 9:26 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

trouble blocking blank UA and referer

and/or faked blank UA

         

nancyb

2:51 am on Dec 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



trying to block blank UA and referer except AOL HEAD request. Also trying to block faked blank referers.

I'm using this:

# Forbid if blank Referer *and* UA, except for HEAD requests (used by AOL, etc.)
RewriteCond %{REQUEST_METHOD}!^HEAD$
RewriteCond %{HTTP_REFERER}<->%{HTTP_USER_AGENT} ^<->$
RewriteRule .* - [F]
#
# Forbid if *faked* blank Referer
RewriteCond %{HTTP_REFERER}<->%{HTTP_USER_AGENT} ^-<->-$
RewriteRule .* - [F]

My error logs show:

[Tue Nov 30 20:48:08 2004] [alert] [client x.xx.60.252] /usr/www/users/me/.htaccess: RewriteCond: bad argument line '%{HTTP_REFERER}<->%{HTTP_USER_AGEN'
[Tue Nov 30 20:48:08 2004] [alert] [client x.xx.60.252] /usr/www/users/me/.htaccess: RedirectPermanent takes two arguments, a document to be redirected, then the destination URL
[Tue Nov 30 20:48:08 2004] [alert] [client x.xx.60.252] /usr/www/users/me/.htaccess: RedirectPermanent takes two arguments, a document to be redirected, then the destination URL

according to the log, the previous error was 14 minutes prior to this one. I don't get the actual logs though, I get "This page only contains the recent portions of the error logs that we believe apply to your site." So, maybe I'm not getting everything and that's why I can't figure out the problem.

Is there something in my code that I am NOT seeing that is causing this error, could it be the way my server is set up, or perhaps because I'm not getting all the errors?

I just get my hair to start growing when I start pulling it out all over again :(

Oh, there is a space before the '!', just can't get it to show here. How do you get the spaces in there?

jdMorgan

3:16 am on Dec 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It may be that your server version doesn't like the concatenation trick I used when writing that. Try splitting up the lines like so: 

# Forbid if blank Referer *and* UA, except for HEAD requests (used by AOL, etc.)
RewriteCond %{REQUEST_METHOD} !^HEAD$
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [F]
#
# Forbid if *faked* blank Referer or User-agent
RewriteCond %{HTTP_REFERER} ^-$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^-$
RewriteRule .* - [F]

Mastery of mod_rewrite does indeed involve the loss of some hair, but not as much as that lost when seeing your site ransacked. ;)

To get past the delayed error log problem, synchronize your PC's clock with a standard clock --such as the National Institute of Standards atomic clock at Boulder Colorado-- using one of the "Set your PC clock" freeware programs. Then wait for a specific time, and do your testing. Note the time of each of your test requests along with what was tested. Then you can use the time posted in your error log to correlate which test caused which error (if any).

Jim

nancyb

4:13 am on Dec 1, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



As usual, thank you for your tireless patience with a mod_rewrite ninny!

Thanks for the time tip, but I do get the errors in real time and my server is set to my own real time :), I just don't get a log I can download so I have to keep watching the error log page on the net and then copy/paste the error(s) into a text editor as they happen. I can only see one page and it evidently has both a limit to the number of error lines as well as a time limit it retains those errors. Also, have to relog in after a time limit. A real pain in the a$$ when trying to debug.

Then, I have to wait until after midnight to get the raw logs (regular) so I can analyze what happened. Time to find another host again ....

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 9:26 pm May 1, 2026