Welcome to WebmasterWorld Guest from 34.237.76.91

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

RedirectMatch 301 question

     
12:08 am on Nov 10, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


I get quite a few errors caused by requests for:

h*tp://www.my-domain.com/pagename_files.filename.gif
- or -
h*tp://www.my-domain.com/directory/filename_files.filename.gif

(The error being the "_files" part)

So far I've only seen MAC Safari users cause these errors, possibly when pulling the site down to desktop. Anyway, I'd like to redirect all paths containing "_files" to my index page. I'm guessing at this:


RedirectMatch 301 _files\. h*tp://www.my-domain.com

Thanks
12:57 am on Nov 10, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


keyplyr,

I'm going to take a guess here, and say that I think these are all image references from "Saved offline" copies of your pages. In that case, you might want to consider replacing them with either "thief.gif" or with an image overlaid with text inviting them to visit your site directly. I'd lean toward the latter method, lacking any further evidence to support allegations of maliciousness.

Something like:


RedirectMatch 301 ^.+_files\..+\.gif$ http://www.example.com/please_visit.gif

Jim
4:33 am on Nov 10, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Thanks Jim,

I agree these are references from "Saved offline" copies of my pages, but they are not all image requests. The "_files" seems to be automatically inserted into almost every kind of file request: .gif, .html, .js etc

So, following your lead, maybe I could use?


RedirectMatch 301 ^.+_files\. h*tp://www.example.com/forbidden.html

<added>
Actually, I'm not quite sure about the file types other than image files now that I recall, so until I see evidence otherwise, I think I will just go with what you suggest and use this:


RedirectMatch 301 ^.+_files\..+\.(gif¦jpg)$ h*tp://www.example.com/images/thief.png

Look OK?
</added>
4:54 am on Nov 10, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Two inter-related points...

1) Don't try to actually redirect (301 or 302) image files to html files or vice-versa. Browsers can't handle it. The same goes for scripts, etc. Generally, you can redirect from a .jpg to a .gif or vice-versa - most browsers can handle minor mix-ups of the filetype. But trying to redirect an image request to an html custom error page won't work - your "Forbidden" message will never be seen.

2) If you want to use a custom-403 response, then use mod_rewrite to return forbidden status to all "_files" requests:


RewriteRule ^.+_files\. - [F]

This will return a 403-Forbidden response and the contents of your custom 403 page. However, as noted above, browsers won't display your custom "Forbidden" page in place of a requested image - just a broken image icon. However, the danger of confusing the browser is much less, since it 'knows' by the 403 response that it was forbidden to access the requested resource, so it won't try to render it.

Jim

5:01 am on Nov 10, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


RedirectMatch 301 ^.+_files\..+\.(gif¦jpg)$ h*tp://www.example.com/images/thief.png

doesn't work. When I request: h*tp://www.example.com/image_files/logo.gif
my 404 error page comes up.

<added>


RewriteRule ^.+_files\. - [F]

also returns 404 instead of 403
3:20 pm on Nov 10, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


keyplyr,

The page h*tp://www.example.com/image_files/logo.gif does not match the rule, and therefore is not forbidden. Then, since it is not present, it 404's.

The URLs in your initial posts and the code you posted all mention "_files<dot><something>" and your test URL does not contain a dot after "_files". Therefore, it failed.

If it is not the case that the dot is always present, then change the rule:


RedirectMatch 301 ^.+_file[b]s.+\.(g[/b]if¦jpg)$ h*tp://www.example.com/images/thief.png

Jim
6:49 pm on Nov 10, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893


Thanks again Jim. I was actually testing with several different paths.

Fact of the matter is, there is no real pattern I can narrow these requests down to. The "_files" seems to be present in various places in the paths to different files. Any file linked to my page would get this. Sorry I should have been more exact in posting examples.

I've banned the offending IPs, so for the moment these errors have stopped, but they have come from many IPs in the past. Time will tell if this was just 1 or 2 users, or a widely used download tool.

Just a side note: Now that I have dozens of download tools, rippers, bad guy IPs, etc. banned or blocked, I'm aware of just how many "hostile" occurrences happen on a daily basis - rather discouraging. This must be how security guards in a retail store feel.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members