(OLD 5.7 Discussion FORUM)

htaccess problem / block by referrer

Permalink February 04, 2016 at 8:46 AM

I tried to change the concrete5 htaccess, to block traffic coming from a certain referrer.
This code doesn´t work.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} example\.com [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>

What I´m doing wrong?
kind regards
Bobby

jero replied on Feb 4, 2016 at 9:40 pm Permalink Reply

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} example.com [NC]
RewriteRule .* - [F,NC]
</IfModule>
        # -- concrete5 urls start --
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>

Viewing 15 lines of 16 lines. View entire code block.

 
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} example.com [NC]
RewriteRule .* - [F,NC]
</IfModule>
 
        # -- concrete5 urls start --
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule . index.php [L]
</IfModule>
        # -- concrete5 urls end --

This should chuck a 403 forbidden response

FAFutureLabs replied on Feb 5, 2016 at 5:04 am Permalink Reply

Hey Jero,

thanks for your reply and your help.
Your code works, but only for subpages. example.com/test

I shortly want to explain my problem.
The webmaster of example.com has wrongly pointed his A-Record to my IP Address.
I think your code is fine, but ist doesn´t work for the "home" site, because Apache doesn´t recognize the first visit of "example.com" as a referrer. Images, css, js etc is blocked (403), but pure html is delivered.

Any further idea to block a wrong A-Record pointer
kind regards
Bobby

jero replied on Feb 5, 2016 at 3:54 pm Permalink Best Answer Reply

That's likely because someone typing in example.com to their browser won't send you a referrer - because there isn't one.

Perhaps a better solution here is to add this to the top of your index.php file:

if ($_SERVER['HTTP_HOST'] == 'example.com') {
        die("These aren't the droids you're looking for");
}

HTTP_HOST is the hostname used by the browser to access your webserver.

FAFutureLabs replied on Feb 12, 2016 at 5:49 am Permalink Reply

Thanks a lot, works great.
I extended your snippet to fix the issue for subdomains, too.

if (strpos($_SERVER['HTTP_HOST'], 'example.com') !== false) {
        die("not allowed");
}

kind regards

jero replied on Feb 12, 2016 at 3:36 pm Permalink Reply

Awesome. Glad you got it working.

Forums

(OLD 5.7 Discussion FORUM)

htaccess problem / block by referrer

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?