SetEnvIfNoCase Referer help

How to block referrers containing specific words?

         

meek

7:50 pm on Mar 26, 2006 (gmt 0)

10+ Year Member



Hi.

In my .htaccess file I use the following syntax to fight referrer spam:

SetEnvIfNoCase Referer "^http://([0-9a-zA-Z_.\-]*(poker¦texas*¦hold-?em¦buy¦diet*¦loan¦money¦cash)\.)" spammer

<FilesMatch "(.*)">
Order Allow,Deny
Allow from all
Deny from env=spammer
</FilesMatch>

However, I'm still hit by sites containing the word "poker" in different combinations, such as poker-xyz.com or poker.xyz.poker.com where xyz can be virtually anything.

I tried

SetEnvIfNoCase Referer "^http://([0-9a-zA-Z_.\-]*(poker\-?[a-zA-Z0-9.]*)\.)" spammer

But it doesn't seem to work. How do I specify a SetEnvIfNoCase Referer rule that will block any referrer containing the word "poker" - no matter the combination?

Thanks.

[edited by: jdMorgan at 1:45 am (utc) on Mar. 27, 2006]
[edit reason] Removed specifics per TOS. [/edit]

jdMorgan

1:43 am on Mar 27, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Simplify:

SetEnvIfNoCase Referer "^http://.*(poker¦texas.?hold-?em¦buy¦diet¦loan¦money¦cash)" spammer

Note that posting on this board modifies the pipe character, and turns it into a broken pipe "¦" -- you'll need to fix those before trying to use this code.

Jim

meek

10:51 am on Mar 27, 2006 (gmt 0)

10+ Year Member



jdMorgan >> Thanks a bunch. It seems to work. Less is more, I guess. :)

- Meek.

Pfui

1:58 am on Apr 25, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Apologies in advance if this is too confusing but I've been head-banging over the preceding simplification and "SetEnvIfNoCase Referer" syntax generally and just to be sure I'm getting it (or to remove all doubt about how much I'm not:) --

1.) Will something like this....

SetEnvIfNoCase Referer "^http://.*(example.info¦example.?)" keep_out

...block these?

http://www.example.info/script.cgi/dir
http://www.example.blah.com
http://www.example.net
http://www.example.org
[example...]
[example...]

2.) For the no-http variations, will something like this....

SetEnvIfNoCase Referer "^//.*(example.com)" keep_out

...block these?

//www.example.com/dir/
//www.example.com/

3.) And for the include-my-site variations, will something like this...

SetEnvIfNoCase Referer "(mysite.com/:80¦www.mysite/:?)" keep_out

...block these?

[mysite.com...]
[mysite.com...]
www.mysite.com/:80
(etc.)

Finally, or alternatively --

4.) For one-word and/or file name variations -- and/or ALL of the preceding examples, with or without the http and www parts? -- will this...

SetEnvIfNoCase Referer "(localhost¦server¦example¦robots)" keep_out

...block these?

[localhost...]
[localhost...]
[server...]
//www.example.com/
robots.txt

Basically, I'm trying to find the best possible "SetEnvIfNoCase Referer" for the broadest range of bad referers I've seen. It would definitely be easier if I could load up the #4 string with pipes for just about anything from host to file names, but I'm not sure if lopping off all ^ and $ anchors is kosher.

Thank you (again!) for your evaluation and help!

jdMorgan

2:55 pm on Apr 25, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



1.) Will something like this....

SetEnvIfNoCase Referer "^http://.*(example.info¦example.?)" keep_out

...block these?

http://www.example.info/script.cgi/dir
http://www.example.blah.com
http://www.example.net
http://www.example.org
http://www.example/
http://www.example


Simplify. I'd use:

SetEnvIfNoCase Referer "^http://(www\.)?example\." keep_out

2.) For the no-http variations, will something like this....

SetEnvIfNoCase Referer "^//.*(example.com)" keep_out

...block these?

//www.example.com/dir/
//www.example.com/


I'd use:

SetEnvIfNoCase Referer "^[^/]*example\.com" keep_out

3.) And for the include-my-site variations, will something like this...

SetEnvIfNoCase Referer "(mysite.com/:80¦www.mysite/:?)" keep_out

...block these?

http://www.mysite.com/:80/
http://mysite.com/:80
www.mysite.com/:80
(etc.)


Too complicated, and there won't be a slash before ":80". Try:

SetEnvIfNoCase Referer "mysite\.com" keep_out

Finally, or alternatively --

4.) For one-word and/or file name variations -- and/or ALL of the preceding examples, with or without the http and www parts? -- will this...

SetEnvIfNoCase Referer "(localhost¦server¦example¦robots)" keep_out

...block these?

http://localhost/
http://localhost
http://server/
//www.example.com/
robots.txt


Yes, but there's no need for the parentheses in this case:

SetEnvIfNoCase Referer "localhost¦server¦example¦robots" keep_out

The problem with that is that there's nothing to stop a valid referrer from linking to your site from a page containing one of those strings. So, you may want to be more specific, and require that those strings occur in the hostname part of the referrer:


SetEnvIfNoCase Referer "^(http://)?(www\.)?(localhost¦server¦example¦robots)\." keep_out

Jim
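The matching behaviour discussed in this thread, as an added example that is not part of any poster's message: it runs the thread's patterns (broken pipes restored to "|") over constructed Referer values to show which ones each pattern flags, including a legitimate page whose path merely contains a listed word. Python's `re` stands in for Apache's regex engine here, and the `.test` hostnames and the dictionary labels are assumptions made for the illustration.

```python
import re

# Patterns from the thread, with the board's broken pipe restored to "|".
# SetEnvIfNoCase performs a case-insensitive regex search that is only
# anchored where the pattern says so; re.search + IGNORECASE emulates that.
PATTERNS = {
    # meek's first attempt: keyword must be directly followed by a dot
    "original": r"^http://([0-9a-zA-Z_.\-]*(poker|texas*|hold-?em|buy|diet*|loan|money|cash)\.)",
    # jdMorgan's simplification: keyword anywhere after "http://"
    "simplified": r"^http://.*(poker|texas.?hold-?em|buy|diet|loan|money|cash)",
    # question 4 without anchors: keyword anywhere in the header
    "anywhere": r"localhost|server|example|robots",
    # question 4 restricted to the start of the hostname, followed by a dot
    "hostname": r"^(http://)?(www\.)?(localhost|server|example|robots)\.",
}

# Constructed sample Referer values (not taken from real logs).
REFERERS = [
    "http://poker-xyz.test/",
    "http://www.poker.xyz.test/page",
    "http://blog.test/how-to-buy-a-server.html",  # legitimate page, keywords in path
    "http://www.example.net/",
    "http://localhost/",                          # dotless host
    "HTTP://WWW.SERVER.test/",
]


def flagged(name, referer):
    """True if the named pattern would set the environment variable."""
    return re.search(PATTERNS[name], referer, re.IGNORECASE) is not None


def report():
    """Map each sample Referer to the list of patterns that flag it."""
    return {r: [n for n in PATTERNS if flagged(n, r)] for r in REFERERS}


if __name__ == "__main__":
    for referer, names in report().items():
        print(f"{referer:45} {', '.join(names) or '-'}")
```

The blog URL is flagged by both unanchored forms because the keywords appear in its path, while the hostname-anchored form leaves it alone; that same form does not flag `http://localhost/`, because it requires a dot after the keyword.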

3r1c

2:47 pm on Apr 26, 2006 (gmt 0)



I have a similar problem.

I use mod_vhost_alias to host many domains and subdomains under the one <virtualhost>.

But I want to stop file/image leeching.

I don't want to have to put a SetEnvIfNoCase line for each domain, because that would mean I would have to update and refresh Apache each time a domain was added or removed, which is the whole point of using vhost alias.

Is it possible to use SetEnvIfNoCase to check if the "Referer" contains the "Host"?

i.e.
my image is http://example.com/img.gif
my page (referer) is http://example.com/page.html

It should just check that the referer contains the hostname (example.com).

Is that possible?

Thanks,
Eric

[edited by: jdMorgan at 2:54 pm (utc) on April 26, 2006]
[edit reason] Example.com [/edit]