Ban Front Page?

Forum Moderators: phranque

Message Too Old, No Replies

Ban Front Page?

keyplyr

4:51 am on May 19, 2003 (gmt 0)

Any way to ban Front Page editor from browsing my website and filling my error logs with bogus requests? Thanks

jdMorgan

5:35 am on May 19, 2003 (gmt 0)

keyplyr,

I have used the following mod_rewrite directives in .htaccess:


RewriteCond %{HTTP_USER_AGENT} MS.*FrontPage [NC]
RewriteRule !^403.*\.html$ - [F]

Note that the RewriteRule allows access to my custom 403-Forbidden error pages. If you don't have any such pages, you can simply change the RewriteRule above to:


RewriteRule .* - [F]

You will still see attempted accesses from FP - and the resultant 403 error entries in your logs. However, the users typically give up pretty quickly, so this reduces the number of entries.

HTH,
Jim

keyplyr

7:00 am on May 19, 2003 (gmt 0)

Thanks Jim,

I currently have custom error pages named:

ErrorDocument 400 /error.html
ErrorDocument 401 /authentication.html
ErrorDocument 403 /forbidden.html

Would your example still work?

Or should my custom error pages have a name that corresponds with the error number? Example:

ErrorDocument 400 /400.html
ErrorDocument 401 /401.html
ErrorDocument 403 /403.html

<added>
I think I figured it out. To use my current file name, it should be:

RewriteCond %{HTTP_USER_AGENT} MS.*FrontPage [NC]
RewriteRule!^forbidden\.html$ - [F]

Thanks
</added>

keyplyr

6:09 pm on May 19, 2003 (gmt 0)

I also get dozens of MSOffice errors. If I wish to deny also, would this work?

RewriteCond %{HTTP_USER_AGENT} MS.*FrontPage [OR]
RewriteCond %{HTTP_USER_AGENT} MS.*Office
RewriteRule!^forbidden\.html$ - [F]

Do users in the work place sometimes view sites with MSOffice? If so, maybe I should deny it? Thanks

jdMorgan

6:20 pm on May 19, 2003 (gmt 0)

key,

Yes, that should work. I don't know about MSOffice - the boundaries between it and IE do seem to be melting.

Your surmise on the 403 error file name change was correct.

Jim

keyplyr

4:51 am on May 20, 2003 (gmt 0)

MSOffice appears in my error_logs like this:

[Mon May 19 13:20:00 2003] [error] [client 205.152.138.58] File does not exist:
/www/a/my_domain/htdocs/MSOffice/cltreq.asp

Hundreds of requests continue, despite using:

RewriteCond %{HTTP_USER_AGENT} MS.*Office
RewriteRule!^forbidden\.html$ - [F]

Is it possible that the UA should be written thusly?

RewriteCond %{HTTP_USER_AGENT} MSOffice

I've tried it for a couple hours. They have dropped down to just a few, but that could be chance. Has anyone else been successful blocking MSOffice?

jdMorgan

5:08 am on May 20, 2003 (gmt 0)

keyplyr,

"MS.*Office" will match "MSOffice" or "MS<anything>Office", so it should make no difference.

Microsoft's arrogance is what causes their products to continue requesting proprietary files despite being told they don't exist.

You could also try blocking by requested filename using %{REQUEST_URI} :


Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} MS.*Office [NC,OR]
RewriteCond %{REQUEST_URI} MSOffice [NC]
RewriteRule !^forbidden\.html$ - [F]

Jim

Ban Front Page?

keyplyr

jdMorgan

keyplyr

keyplyr

jdMorgan

keyplyr

jdMorgan

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week