Block referral, specific page?

Looking for a way to block access to my site from specific pages

         

sparq

10:16 pm on Jun 6, 2005 (gmt 0)

10+ Year Member



I keep a personal blog site in my profile of AIM and it seems <an unwelcome visitor> is checking out my blog and before it gets into anything nasty I want to make sure I can block him as many ways as possible. I already have his IP block banned, but is there a way to block based on a referral PAGE and not a referral domain?

The link would look like this...

[r.example.net...]

No idea how to go about this, I've never used this part of .htaccess before. Thanks for any kind of help.

[edited by: jdMorgan at 3:24 am (utc) on June 7, 2005]
[edit reason] Examplified, de-personalized. [/edit]

jdMorgan

3:29 am on Jun 7, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



sparq,

Welcome to WebmasterWorld!

This is simply a combination of blocking by IP and blocking by referrer. If the user's IP is 192.168.0.10 and the link he's clicking on to get to your page is on the page at http://r.example.net/link/a/?a=(thisismylinkcode)&b=username
then the code would look something like this:


RewriteCond %{REMOTE_ADDR} ^192\.168\.0\.10$
RewriteCond %{HTTP_REFERER} ^http://r\.example\.net/link/a/\?a=<thisismylinkcode>&b=username
RewriteRule ^local_URL_path_to_blog - [F]

For more information, see the references cited in our forum charter [webmasterworld.com].

Jim

sparq

1:12 pm on Jun 7, 2005 (gmt 0)

10+ Year Member



Hey thanks for the reply, I started messing around with it last night but I didn't seem to be getting anywhere.

Can I use BOTH the ...

<Directory /docroot>
Order Deny,Allow
Deny from 207.64.
Allow from all
</Directory>

And the Rewrite method? Or if I am using Rewrite to block the referrer I also need to use it to block the IP? I'm new to all this so would appreciate a little more help. I wish I sent the code I was working with to my email here at work so I could plug it in to show you what I have at the moment.

But I am using .*(thescreennamehere)$ in my referrer field, no domain, nothing else... is this correct? Obviously this method has 1,000 ways around it (simply by changing usernames) and signing on at a friend's house - but I'm hoping after a few attempts he will get the hint and stop trying to get there.

When doing the HTTP_Referer do I need to list the domain in there as well? Should I use the whole

^http://blahblahblahthewholelinkhere?a=blahblah&b=screenname$

Or should it still work the way I mentioned above? Also what I want to happen is like when they come in and it blocks the IP address, just the person with .*screenname$ sees a separate error page. Am I making sense?

jdMorgan

1:58 am on Jun 8, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You can use either mod_access and mod_setenvif or mod_rewrite to solve this problem as described. For the sake of simplicity, I'd recommend using one method or the other, not both.

It's not entirely clear what relationship that referral page has to your site, and whether it is one or multiple referral pages. You can and should experiment with the code until it does what you want it to do (you can create your own referring pages to test).

Jim

sparq

8:56 pm on Jun 10, 2005 (gmt 0)

10+ Year Member



See that's what I was hoping to do - the problem is I don't think it's coming through as a referrer. Since the page is "linked" in my profile - the user would then click on it, but it forwards off to my site (based on the username)... if I make a TEST page, like...

test.html

and then copy the same type of format like...

test.html?a=anything&b=(screen name here)

press enter, so that is the loaded page in my browser - and THEN click on my link to the page (which I'm trying to block) it works, it will block the access attempt. BUT if I copy the link out of my profile, and change the username to match their username, and press enter -- I am getting through just fine.

BTW: Thanks for the comments you sent in the mailbox.

sparq

9:23 pm on Jun 10, 2005 (gmt 0)

10+ Year Member



OK, I'm home now so I can post exactly what I have...

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^.*(screenname)$ [NC]
RewriteRule .* /denied/denied.html [R]

Is the HTTP_REFERER line correct, since I am only interested in the LAST part which contains the screen name, is using that context correct? since it would search for anything, but ending in the screen name... yes?

Also, does the IP routine work the same with when putting a DENY for a block of IPs? like how would I block... 000.00.11.111 (and block the 000.00 and then anything after that?)

Thanks so much for your help

jdMorgan

4:23 am on Jun 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A better approach is to do an internal "silent" rewrite, instead of a redirect. This "hides" the function, making it harder to figure out.
You will also need to take steps to be sure that you *allow* access to /denied/denied. Otherwise, you'll end up with a redirection loop -- which may be why you see multiple access attempts with this code in place.

RewriteCond %{HTTP_REFERER} screenname$ [NC]
RewriteRule !^denied/denied\.html$ /denied/denied.html [L]

This denies access to all files *except* /denied/denied.html to the user with that screen name.

Denying by IP address can be tricky. You must always bear in mind that mod_rewrite does character string compares, not numerical compares. If you want to block a specific IP address, then that would be:


RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.89$

To block all 255 addresses from 123.45.67.0 through 123.45.67.255, you can just leave out the last octet of digits (remember this is a string compare, just like the screenname compare above), making it:

RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.

You could also block the 65,535 addresses from 123.45.0.0 through 123.45.255.255 by leaving off the last two octets, etc.

Things get fairly tricky when you want to block a subset of an address block with mod_rewrite, again, because this is a string compare. For example, to block 123.45.67.192 through 123.45.67.224, you'd have to use something like:


RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.(19[2-9]¦2[01][0-9]¦22[0-4])$

In these cases, you might consider using a mod_access Deny from using a CIDR or netmask instead of a complex regular expression in mod_rewrite -- It's all down to personal preferences.

Just to show the 'combined' results, you'd end up with something like this:


RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.(19[2-9]¦2[01][0-9]¦22[0-4])$ [OR]
RewriteCond %{HTTP_REFERER} screenname$ [NC]
RewriteRule !^denied/denied\.html$ /denied/denied.html [L]

Note that there must never be an [OR] on the last RewriteCond. Also, posting on this forum changes some characters; you must replace the broken pipe "¦" characters above with solid pipe characters (usually Shift-\) before use.

Jim
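
Added example (not part of the original thread): a Python emulation of the combined rule above, with Python's `re` standing in for mod_rewrite's regex matching. It checks the last-octet pattern against every value from 0 to 255 and evaluates the rule on constructed sample requests, including one with no Referer header; the function names and sample requests are assumptions made for illustration.

```python
import re

# Patterns from the combined rule, with solid pipes restored.
IP_COND = re.compile(r"^123\.45\.67\.(19[2-9]|2[01][0-9]|22[0-4])$")
REFERER_COND = re.compile(r"screenname$", re.IGNORECASE)  # [NC]
EXEMPT_PATH = re.compile(r"^denied/denied\.html$")  # per-directory path, no leading slash


def matched_last_octets():
    """Return every last octet 0-255 that IP_COND accepts (a string compare)."""
    return [n for n in range(256) if IP_COND.search(f"123.45.67.{n}")]


def is_rewritten(remote_addr, referer, path):
    """Emulate the two conditions joined by [OR] and the negated rule pattern."""
    # mod_rewrite tests the rule pattern first, then the conditions.
    if EXEMPT_PATH.search(path):
        return False
    # A missing Referer header expands to an empty string.
    return bool(IP_COND.search(remote_addr) or REFERER_COND.search(referer or ""))


# Constructed sample requests: (remote_addr, referer, path)
SAMPLES = [
    ("123.45.67.200", "", "index.html"),
    ("123.45.67.225", "", "index.html"),
    ("10.0.0.5", "http://r.example.net/link/a/?a=code&b=ScreenName", "index.html"),
    ("10.0.0.5", None, "index.html"),
    ("123.45.67.200", "", "denied/denied.html"),
]

if __name__ == "__main__":
    octets = matched_last_octets()
    print("octets matched:", octets[0], "to", octets[-1], "count", len(octets))
    for addr, ref, path in SAMPLES:
        result = "denied page" if is_rewritten(addr, ref, path) else "served"
        print(addr, repr(ref), path, "->", result)
```

The fourth sample is a request that carries no Referer header, such as a link pasted into the address bar: the referrer condition cannot match it, so only the address condition applies.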

sparq

10:26 am on Jun 11, 2005 (gmt 0)

10+ Year Member



Now what if I wanted to block out specific other screen names after the first one, do I still need the $ after each name to signify that's the ending statement, or just after the LAST one?

screenname1$¦screenname2$¦screenname3$¦screenname4$

or

screenname1¦screenname2¦screenname3¦screenname4$

Like I said, I'm still new to this so I'm not really sure how that works.

sparq

10:47 am on Jun 11, 2005 (gmt 0)

10+ Year Member




Same with the IP address block, how would I look at blocking 123.45.**.*** AND block 678.90.**.***

Also, when viewing my log files for example I have...

"Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

as the very last part of my logs, that is HTTP_AGENT? Blocking would be the same?

jdMorgan

2:18 pm on Jun 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This would work:
screenname1$¦screenname2$¦screenname3$¦screenname4$

or you could use
(screenname1¦screenname2¦screenname3¦screenname4)$

> Same with the IP address block, how would I look at blocking 123.45.**.*** AND block 678.90.**.***

The same constructs as above should work. Or you can use two RewriteCond lines with an [OR] at the end.

Do not block by user-agent unless it is truly unique; you risk blocking many visitors. You will also have to escape all literal characters such as space, period, semicolon and parentheses in the user-agent name.

Don't keep adding conditions. The more you add, the more likely your rule will fail. Simplicity is good.

Jim

sparq

2:33 pm on Jun 11, 2005 (gmt 0)

10+ Year Member



Anonymization.Org would be pretty unique, LOL!

Here's what I have, does everything look right?

RewriteCond %{REMOTE_ADDR} ^123\.45\.¦67\.89\. [OR]
RewriteCond %{HTTP_REFERER} (name1¦name2¦name3)$ [NC]
RewriteRule !^denied/denied\.html$ /denied/denied.html [L]

Is the RewriteRule correct? I don't want just a single page, but I want all documents short of /denied/denied.html to give the error?
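
Added example (not part of the original thread): a Python check of how the `^` anchor binds in the REMOTE_ADDR pattern posted above, compared with a grouped form of the same two prefixes. Python's `re` stands in for mod_rewrite's regex engine, the broken pipes are replaced with solid ones, and the sample addresses and function names are constructed for illustration.

```python
import re

# As posted: "^" belongs only to the first alternative, so the
# second alternative can match anywhere inside the address string.
POSTED = re.compile(r"^123\.45\.|67\.89\.")
# Grouped: the anchor applies to both prefixes.
GROUPED = re.compile(r"^(123\.45\.|67\.89\.)")

# Constructed sample addresses
ADDRESSES = [
    "123.45.1.1",    # intended block
    "67.89.1.1",     # intended block
    "10.67.89.1",    # unrelated network, contains "67.89." mid-string
    "167.89.20.3",   # unrelated network, first octet ends in "67"
    "10.0.123.45",   # unrelated network, no match either way
]


def compare(addresses):
    """Return {address: (posted_matches, grouped_matches)}."""
    return {a: (bool(POSTED.search(a)), bool(GROUPED.search(a))) for a in addresses}


def overblocked(addresses):
    """Addresses the posted pattern matches but the grouped pattern does not."""
    return [a for a, (posted, grouped) in compare(addresses).items() if posted and not grouped]


if __name__ == "__main__":
    for addr, (posted, grouped) in compare(ADDRESSES).items():
        print(f"{addr:15} posted={posted!s:5} grouped={grouped}")
    print("matched only by the posted pattern:", overblocked(ADDRESSES))
```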