Forum Moderators: phranque
i'm trying to put different directives on my .htaccess as follows, please can somebody tell me if i'm doing it right? does it make sense like this?
also what's the difference in writing SetEnvIfNoCase instead of setenvifnocase (no caps)?!?
Thanks so much,
tito
here it is:
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
SetEnvIf Request_URI "(403\.php¦robots\.txt)$" allowit
Order Deny,Allow
# hacks
deny from 66.##
..etc..
..etc..
deny from 202.##
Allow from env=allowit
<IfModule mod_php4.c>
php_value auto_prepend_file "/home/sites/site1/web/botblocker.php"
</IfModule>
<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)root.exe(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/msadc\/(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/MSADC\/(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ [microsoft.com...]
RedirectMatch permanent (.*)\/x90\/(.*)$ [microsoft.com...]
</IfModule>
<LimitExcept GET PUT POST>
deny from all
</LimitExcept>
SetEnvIfNoCase X-AAAAAAAAAAAA 1 spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase Referer yelucie.com spammer=yes
..etc..
..etc..
SetEnvIfNoCase Referer buy-hgh-human-growth-hormone.net spammer=yes
deny from env=spammer
# code to deny the below user agents POST access to trackback
<Files trackback>
<limit POST>
SetEnvIf User-Agent "Mozilla" trackers
SetEnvIf User-Agent "Opera" trackers
SetEnvIf User-Agent ^$ trackers
Order Allow,Deny
Allow from all
Deny from env=trackers
</limit>
</Files>
SetEnvIfNoCase User-Agent "Alexibot" getout
SetEnvIfNoCase User-Agent "asterias" getout
..etc..
..etc..
SetEnvIfNoCase User-Agent "Wget/1.6" getout
SetEnvIf Request_URI "^(403\.php¦robots\.txt)$" allowsome
<Files *>
order deny,allow
deny from env=getout
allow from env=allowsome
</Files>
<Files .htaccess>
order deny,allow
deny from all
</Files>
please excuse me if i keep bothering, i wouldn't like but i have serious problems with the htaccess above and i badly need to stop hackers on my site.
since i have placed to my htaccess the last part:
---
SetEnvIfNoCase User-Agent "Alexibot" getout
SetEnvIfNoCase User-Agent "asterias" getout
..etc..
..etc..
SetEnvIfNoCase User-Agent "Wget/1.6" getout
SetEnvIf Request_URI "^(403\.php¦robots\.txt)$" allowsome
<Files *>
order deny,allow
deny from env=getout
allow from env=allowsome
</Files>
<Files .htaccess>
order deny,allow
deny from all
</Files>
---
all other directives are not working anymore, i have read anything on apache doc but cannot find or understand the reason why.
i'm sorry to bother you but i really need some help, thanks so much.
tito
So you need to merge the various Allow from and Deny from directives into one block of code inside one Order directive.
Jim
ErrorDocument 401 /401.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php
SetEnvIf Request_URI "(403\.php¦robots\.txt)$" allowit
Order Deny,Allow
deny from 81.xx
..etc..
deny from 81.xx
<IfModule mod_php4.c>
php_value auto_prepend_file "/home/sites/site1/web/botblocker.php"
</IfModule>
<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ [microsoft.com...]
..etc..
RedirectMatch permanent (.*)\/x90\/(.*)$ [microsoft.com...]
</IfModule>
<LimitExcept GET PUT POST>
deny from all
</LimitExcept>
SetEnvIfNoCase X-AAAAAAAAAAAA 1 spammer=yes
SetEnvIfNoCase Via pinappleproxy spammer=yes
# code to deny the below user agents POST access to trackback
<Files trackback>
<limit POST>
SetEnvIf User-Agent "Mozilla" trackers
SetEnvIf User-Agent "Opera" trackers
SetEnvIf User-Agent ^$ trackers
setenvifnocase User-Agent "autoemailspider" getout
..etc..
setenvifnocase User-Agent "Wget/1.6" getout
SetEnvIf Request_URI "(403\.php¦robots\.txt)$" allowsome
<Files *>
order deny,allow
deny from env=spammer
deny from env=trackers
deny from env=getout
allow from env=allowit
allow from env=allowsome
</Files>
<Files .htaccess>
order deny,allow
deny from all
</Files>
