skype

LiveZilla Live Help

Login



Blog
Comments

Categories

Home : Blog : Htaccess : Blocking Users Or Sites By The Referrer With .Htaccess Code

Blocking Users Or Sites By The Referrer With .Htaccess Code

 E-mail
User Rating: / 0
PoorBest 
Htaccess
Saturday, 07 July 2007 08:05


Here is another good trick to block users that are coming from a domain.

When checking your logs on the server you suddenly see a many referrals from some site, but when you inspect that site closely you can not spot any incoming links from them.

Those referrals are not legitimate, they do not come from incoming links, the site is obviously hot linking your files especially images, css files or other files. The logs on your server will generate any kind of reference to your site that could be traced of course.

Blocking access by the referrer can be done with apache mod_rewrite to make a list of the referrers.

Usually mod rewrite is installed on most of the servers, but you can ask your host-support about mod rewrite. So to block all traffic that comes from a particular domain, use this code in the .htaccess file:

 

 

How to block traffic from a single domain:

 

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} custombadsite\.com [NC]
RewriteRule .* - [F]

 

 

How to block traffic from multiple domains

 

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} custombadsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anothercustombadsite\.com
RewriteRule .* - [F]

 


Under the single refferer code custombadsite\.com means the domain you want to block.


There is a backslash before the period (".") that donate a period, as in Regular Expressions, a period donates any character, which is not what we want.

"[NC]" at the end of the line means that the domain is case insensitive and even if the domain is typed with capitals, it will still be blocked.


The last line in the .htaccess code describes what action to take when a match is found – result is to fail the request, that means that incoming traffic from that domain will get a 403 Forbidden error. The difference between blocking a single referrer and multiple referrers is the added [NC, OR] flag to every additional domain but the last.


There is also the following code in the first line "Options +FollowSymlinks" above, which is commented (means it has the # in front of the line). Uncomment this line (means delete the # sign) if your server does not supportFollowSymLinks in its <directory> section in httpd.conf, and if you get a 500 Internal Server error when using this code in the .htaccess code.

Comments
Add New Search RSS
+/-
Write comment
Name:
Email:
 
Title:
 
Please input the anti-spam code that you can read in the image.