Forum Moderators: phranque
I am using the following in my .htaccess file. The problem is that my customized error pages do not show, I just get the standard Apache error messages. Could someone please help me with this. The error docs are where they should be.
I also noticed that on one particular site there are about about 8 links which the .htaccess file takes care of by showing the 403 error message. There are however a couple of links which get through the net and find the pages on my server. Any ideas/help on this would also be greatly appreciated.
# Block foreign referers
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/ [NC]
RewriteRule .* - [F]
ErrorDocument 403 /ErrorDocs/403.html
ErrorDocument 404 /ErrorDocs/404.html
[edited by: jdMorgan at 1:36 pm (utc) on Nov. 7, 2003]
[edit reason] Examplified URL [/edit]
ErrorDocument 403 /ErrorDocs/403.html
ErrorDocument 404 /ErrorDocs/404.html
# Block foreign referers
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/ [NC]
[b]RewriteRule !(403\.html¦404\.html) - [F][/b]This will allow your 403 and 404 pages. Remember to replace the broken pipe ("¦") with one entered from your keyboard. This forum replaces the right one with one that is broken.
/claus
[edited by: jdMorgan at 2:06 pm (utc) on Nov. 7, 2003]
[edit reason] Examplified URL [/edit]
That fixed it. I don`t suppose you would have any ideas on the second part of my question.
Some links (from one particular site) get through the net while the great majority dont!(they show the custom 403 page)
The links which get through are placed in a scrolling text script if that helps.
It's not easy to see how this would happen. You have a combined condition that says:
IF referrer is not empty
AND referrer is not your site
THEN serve the 403 page.You have these logical combinations:
a) referrer empty AND referrer not your site
b) referrer empty AND referrer your site
c) referrer not empty AND referrer not your site
d) referrer not empty AND referrer your site
You are banning option (c) and you wish to let option (d) pass. Option (b) is impossible, so we are stuck with option (a): The referrer is empty and it is not your site.
To take care of this case, you could add another condition like this:
--------------------------
RewriteEngine on
[b]RewriteCond %{HTTP_REFERER} ^$ [OR][/b]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/ [NC]
RewriteRule !(403\.html¦404\.html) - [F,L] Now you are blocking empty referrers. You are also blocking a referrer string that is not your site. You can do exactly the same thing by just using the one condition below:
--------------------------
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/ [NC]
RewriteRule !(403\.html¦404\.html) - [F,L] This line will block anything but case (d) above. It all boils down to: Do you wish to allow empty referrer strings or not? If you wish to allow them, you can just do like this:
--------------------------
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [OR]
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com/ [NC]
RewriteRule !(403\.html¦404\.html) - [F,L] ...which is basically your first rule with an OR in stead of an AND.
I've added an "L" flag which says that this is the last rule to be processed for this request. It saves a bit of processing time for your server.
/claus
