Blocking MSProxy

Forum Moderators: phranque

Message Too Old, No Replies

Blocking MSProxy

keyplyr

7:00 am on Nov 26, 2003 (gmt 0)


XX.X.XXX.XXX - - [25/Nov/2003:09:08:11 -0800] "GET /images/image.gif HTTP/1.0" 304 - "-" "MSProxy/2.0"

I don't understand why this didn't stop it:


RewriteCond %{HTTP_USER_AGENT} ^MSProxy [NC,OR]

I could remove the anchor (^) but it should work with it.

jim_w

7:18 am on Nov 26, 2003 (gmt 0)

yea, I think that will block anything with MSProxy in the UA, but I do not consider myself an expert in the subject. I have some other UA's blocked that way. I use to block MSProxy, but then I took the block away. It was caching stuff and saving me bandwidth, thus making the raw log easier to look through.

keyplyr

7:26 am on Nov 26, 2003 (gmt 0)

Well my point is that it didn't block it - and I don't want it caching "stuff" of mine :-)

<added>
MSProxy was discontinued March 31, 2001: [microsoft.com...]

So it's likely that this software is being used simply as a website downloader.
</added>

jdMorgan

5:21 pm on Nov 26, 2003 (gmt 0)

keyplyr,

It's very odd that this access was not blocked. However, the user-agent did not actually get any data from your site. What it got was a 304 -- an indication that the last copy that it *did* take was still fresh.

Take a look through your code and see if:
1) There is a missing [OR] in the list anywhere.
2) The RewriteRule protects only certain file types, i.e. not .gifs
3) The code limits access only for certain HTTP methods, i.e. CONNECT, POST, HEAD. Method names *are* case-sensitive.
4) The code does not apply to images in subdirectories or in that specific subdirectory.

Your pattern is good, so it's some other issue.

Jim

keyplyr

5:45 pm on Nov 26, 2003 (gmt 0)

Came back once early this morning for a different image file:


XXX.XXX.XXX.XX - - [26/Nov/2003:06:45:15 -0800] "GET /images/image2.gif HTTP/1.1" 304 - "-" "MSProxy/2.0"

I had already removed the anchor (^) from the RewriteCond. Possibly I've missed some error in my code above this RewriteCond, but others below it are working.

jim_w

5:55 pm on Nov 26, 2003 (gmt 0)

>>So it's likely that this software is being used simply as a website downloader<<

I don't know about that. I still run old legal licensed MS software because everytine I upgrade I have to rewrite 1/2 to 2/3 all over again, macros, compilers, et. al.

keyplyr

3:15 am on Nov 27, 2003 (gmt 0)

Maybe you're right jim_w. I just remember a guy in a forum a couple years ago saying what a great image ripper it was and that made a negative impression in my mind that I've carried all this time.

And I need to remember that there are still a plethora of users on dial-ups who benefit from proxy methods. jdMorgan alerted me that Dual Proxy is used by many to connect via satellite, so I am removing MSProxy and Dual Proxy from my ban list and will see what happens.