I want to allow access only to my country(using cloudflare) and user agents (for SEO bots). So actually my country and user agents (for SEO) will have access to allow/index.html, while everybody else is redirected to others.html
I use this in .htaccess :
RewriteCond %{HTTP:CF-IPCountry} ^(IT)$
RewriteCond $1 !^(allow)
RewriteRule ^(.*)$ /allow/index.html [L]
DirectoryIndex others.html
SetEnvIfNoCase User-Agent .*google.* search_robot
SetEnvIfNoCase User-Agent .*yahoo.* search_robot
SetEnvIfNoCase User-Agent .*bot.* search_robot
SetEnvIfNoCase User-Agent .*ask.* search_robot
Allow from env=search_robot
I need to know if it is correct especially user agents access.
Related
I am using this code in my htaccess file to block traffic from specific websites to my website and it works:
RewriteEngine On
SetEnvIfNoCase Referer "example.com" bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer
Now what I want is set a time for this code, for example, visitors from a specific website are only allowed to visit my website from 08:00 till 17:00
I tried this:
RewriteEngine On
RewriteCond %{TIME_HOUR}%{TIME_MIN} >0800
RewriteCond %{TIME_HOUR}%{TIME_MIN} <1700
SetEnvIfNoCase Referer " example.com " bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer
But does not seem to work, visitors are still blocked between the set time stamp
Thanks
Robert
You can't use SetEnv with RewriteRule as these two directives are part of two different apache modules. You can use mod-rewrite to achieve what you want to :
RewriteEngine On
RewriteCond %{TIME_HOUR}%{TIME_MIN} >=0800
RewriteCond %{TIME_HOUR}%{TIME_MIN} <=1700
RewriteCond %{HTTP_REFERER} example\.com [NC]
RewriteRule ^ - [R=403,L]
Website: http://www.trbi.com.ph/
I edited the .htaccess and inputted a code to allow Google Bot and block the spam bots:
SetEnvIfNoCase User-Agent .*google.* search_robot
SetEnvIfNoCase User-Agent .*yahoo.* search_robot
SetEnvIfNoCase User-Agent .*bot.* search_robot
SetEnvIfNoCase User-Agent .*ask.* search_robot
Order Deny,Allow
Deny from All
Allow from env=search_robot
Then uploaded the .htaccess using FTP. I refreshed the website and it now displays the Apache 2 Test Page.
What should I do? HELP PLS!
I want to block several agents that I have seen in my server logs,
their exact names in the logs were, for example:
Python-urllib/2.6
Python-urllib/2.7
CATExplorador/1.0beta (sistemes at domini dot cat; http://domini.cat/catexplorador.html)
I've seen this example, but not sure how to implement it,
should it be exactly as they appeared:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Python-urllib/2.6 [OR]
RewriteCond %{HTTP_USER_AGENT} ^Python-urllib/2.7 [OR]
RewriteCond %{HTTP_USER_AGENT} ^CATExplorador/1.0beta (sistemes at domini dot cat; http://domini.cat/catexplorador.html) [OR]
RewriteRule ^.* - [F,L]
Or would this be good as well:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^python [OR]
RewriteCond %{HTTP_USER_AGENT} ^catexplorador [OR]
RewriteRule ^.* - [F,L]
Questions for example:
If I want to block all versions of this "python" (or all agents
containing that string), would the second code work?
are the names case-sensitive? (catexplorador vs CATExplorador vs CaTExplorador)
Are these the right flags?
how to block "blank" user agents? (is it recommended?)
To block all agents starting with python OR catexplorador and making it case insensitive you can use:
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{HTTP_USER_AGENT} ^(python|catexplorador) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^.* - [F,L]
One option to block specific user agents is to use this tutorial.
BrowserMatchNoCase python bad_bot
BrowserMatchNoCase catexplorador bad_bot
Order Deny,Allow
Deny from env=bad_bot
The BrowserMatchNoCase allows case insensitive matches against the user agent.
A second option is to use the SetEnvIfNoCase command
SetEnvIfNoCase Referer "^$" bad_user
SetEnvIfNoCase User-Agent "python" bad_user
SetEnvIfNoCase User-Agent "catexplorador" bad_user
SetEnvIfNoCase User-Agent "^$" bad_user
Order Deny,Allow
Deny from env=bad_bot
This example blocks empty referrers (WARNING! NOT RECOMMENDED) and user agents that contain either python or catexplorador. You don't want to block empty referrers because they can be removed automatically by browsers. It also blocks empty user agents using the last line. Browsers can also do this automatically, depending on how they are configured.
Side note: User agents can be spoofed and changed at will and this is not guaranteed to block anything if the user changes their user agent.
The BrowserMatch is a special cases of the SetEnvIf directive that sets environment variables conditional on the User-Agent HTTP request header. The BrowserMatch can only check the user agent, while the SetEnvIf can check other parameters.
I have tried the below code in htaccess to stop my images from being hotlinked, but it is not working.
SetEnvIfNoCase Referer "^http://www.example.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://www.example.comm$" locally_linked=1
SetEnvIfNoCase Referer "^http://example.com/" locally_linked=1
SetEnvIfNoCase Referer "^http://example.com$" locally_linked=1
SetEnvIfNoCase Referer "^$" locally_linked=1
<FilesMatch "\.(gif|png|jpe?g|css|js)$">
Order Allow,Deny
Allow from env=locally_linked=1
</FilesMatch>
Can anyone help me with how to prevent hotlinking?
This will show a fixed image whenever its hotlinked. (That image may have a message that Hotlinking in not allowed...)
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com [NC]
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlink.jpg [L]
It checks Refererr is not nothing, and referer is not matching mydomain then it responds with the image nohotlink.jpg.
To understand hotlinking prevention better see these SO threads:
Apache .htaccess hotlinking redirect
Apache Hotlink Protection for Download Folder
A Basic tutorial http://altlab.com/htaccess_tutorial.html
This disallows anything from hotlinking unless the referer is from example.com.
SetEnvIf Referer example\.com localreferer
<FilesMatch \.(jpg|png|gif|css|js|pdf|doc|xls|txt)$>
Order deny,allow
Deny from all
Allow from env=localreferer
</FilesMatch>
I've got problem, I want to prevent hotlinking from some subdomain in specified directory.
Let's say, that we've got images at:
http://s1.domain.com/media/image1.jpg
http://s1.domain.com/media/image2.jpg
As default it is access to these locations, and users can see this photos. I want to prevent
from hot linking, but with no error message, but with redirection, so if user put this address into browser (http://s1.domain.com/media/image1.jpg), i want to redirect it do PHP script, as: domain.com/filename/image1.jpg. I want to make it with .htaccess. So please, can you give me code to put into this file.
Thanks for responses!
in the httpd.conf try this..
SetEnvIfNoCase Referer "^http://www\.yourdomain\.com/" banimages=1
SetEnvIfNoCase Referer "^http://yourdomain\.com/" banimages=1
SetEnvIfNoCase Referer "^$" banimages=1
<FilesMatch "\.(gif|png|jpe?g)$">
Order Allow,Deny
Allow from env=banimages=1
</FilesMatch>
or
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F]
or some other techniques also available..