Welcome to WebmasterWorld Guest from 35.153.135.60

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

htaccess to deny linked page

     
5:06 pm on Jan 5, 2004 (gmt 0)

New User

10+ Year Member

joined:Jan 4, 2004
posts:14
votes: 0


This is the code in my htacess now

# -FrontPage-

IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
#The next line modified by DenyIP
order allow,deny
#The next line modified by DenyIP
#deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.example.com
AuthUserFile /home/example1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/example1/public_html/_vti_pvt/service.grp

<Files 403.shtml>
order allow,deny
allow from all
</Files>

What I want to know is if this code (below) that I found on this site will work to deny access to my website from an outside website that has linked and will not remove their link. I also need to know just where to put this code in the orignal code. Could someone please help?

SetEnvIf Referer ^http://.*\badsite\.com ban
<Files *>
order deny,allow
deny from env=ban
</Files>

Thaks,
J4T

4:17 am on Jan 6, 2004 (gmt 0)

New User

10+ Year Member

joined:Jan 4, 2004
posts:14
votes: 0


Need a little help here, Please

J4T

4:52 am on Jan 6, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


Just4Tricks,

Welcome to WebmasterWorld [webmasterworld.com]!

Things tend to be quieter back here than "up front" in places like the Google forum. It might take 24-48 hours to get an authoritative answer.

In the comments of your code, it mentions "modified by DenyIP" twice. What is DenyIp? If you modify those lines, will "DenyIP" come back and change them again?

Basically, I see some problems, but if this is a script that is going to come back and re-write your existing code, then no fix I might post is going to work.

The answer to your basic question is easy, but the above is a major concern, because from what I have experienced, only ONE Order statement can appear in an .htaccess file, and the one you have is opposite what is needed to fix your problem, AND if we fix it, it might get overwritten by this mysterious DenyIP.

Therefore, the question is bigger than it appears.

Jim

10:00 am on Jan 6, 2004 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 893



...If you modify those lines, will "DenyIP" come back and change them again? - jdMorgan

LOL

7:38 pm on Jan 6, 2004 (gmt 0)

New User

10+ Year Member

joined:Jan 4, 2004
posts:14
votes: 0


Ok I just checked it again. I had to remove some IP blocking.

It is now

# -FrontPage-

IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

order deny,allow
deny from all
allow from all

order deny,allow
deny from all

AuthName www.example.com
AuthUserFile /home/example1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/example1/public_html/_vti_pvt/service.grp

order allow,deny
allow from all

Ok to the above where do I put the code to deny access from a particular website?

Thanks
J4T

9:48 am on Jan 7, 2004 (gmt 0)

New User

10+ Year Member

joined:Jan 4, 2004
posts:14
votes: 0


The code that I am asking where to put in the above htaccess file is this;

SetEnvIf Referer ^http://.*\badsite\.com ban
<Files *>
order deny,allow
deny from env=ban
</Files>

Thanks

J4T

4:40 pm on Jan 7, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


J4T,

I cannot answer your question unless you answer mine. Please re-read msg#3 above, and also pay particular attention to my note about "only one Order statement".

Jim

5:49 am on Jan 8, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:Sept 16, 2000
posts:122
votes: 0


J4T,

Your edited code will not work because you have more than one Order, as explained by Jim, however it is possible to use more than one Order provided that they are put inside different <Limit> directives.

Your edited code could also wreck FrontPage extensions, if you use them and mod_rewrite will not work with FP extensions.

SetEnvIf Referer ^http://.*\badsite\.com ban

The Referer you have will not match badsite.com
Regular expressions are allowed in SetEnvIf and \b is a regular expression for word boundary. It will match anything that is not an alpha-numeric character. Domains must have alpha-numeric characters at the start.

For example it will match the following
www.#adsite.com
www. adsite.com

Use the following
SetEnvIf Referer ^http://(www\.)?badsite\.com ban

<Files *>
order deny,allow
deny from env=ban
</Files>

* will not work in your example because it is a regular expression that matches any number of preceeding characters.
eg t* will match t or ttttt or tttttttttttttttt

Regular expressions should be used in <FilesMatch> directive. You don't need to use <Files> or <FilesMatch> directives to stop badsite.com from hotlinking.

==========================================

The following should work without wrecking FrontPage extensions

# -FrontPage-

IndexIgnore .htaccess */.?* *~ *# */HEADER* */README* */_vti*

SetEnvIfNoCase Referer ^http://(www\.)?badsite\.com ban

# Put banned IPs in <Limit GET POST> below deny from env-ban
# eg. deny from 123.45.67.89

<Limit GET POST>
order allow,deny
allow from all
deny from env=ban
</Limit>

<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

AuthName www.example.com
AuthUserFile /home/example1/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/example1/public_html/_vti_pvt/service.grp