I need advice how can I redirect user to my "custom.html" page and inform them that they are using vpn service or proxies.
I wish my code work just like this site: https://awebanalysis.com/en/ip-proxy-checker/
Screen detection shows that I use VPN]: https://i.stack.imgur.com/5Fvv4.png
I'mdoing this because there is a live chat in my website and I can ban only IP and there is a guy who come to my site every day few times with different IP from different VPNs and insulting me and makes jokes. So if he will come with real IP since he wont be able to load my index.html if using proxies or vpn I will caught his IP.
I added this code to my .htaccess file but it allow me to vist if Im under vpn or proxies.
RewriteOptions inherit
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
RewriteCond %{HTTP_HOST} ^mysite\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^products\/product\-01\/category\-id\-001\-abc$ "https\:\/\/example\.com\/product\-01\-category\.html" [R=301,L]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^146\.70\.
RewriteRule ^ - [F]
Order Allow,Deny
Deny from 85.31.0.
Deny from 146.70.46.
Deny from 107.181.177.
Deny from 122.161.53.
Deny from wiredns.net
Deny from datapacket.com
Deny from 154.47.30.
Deny from 137.59.145.
DEny from 89.46.62.
Deny from lightspeed.wepbfl.sbcglobal.net
Allow from all
Related
I wanted to keep the redirect rule. but I don't want to have to add site by site so that they can display the image. how can i change this rule so that it can do this trick? thanks in advance. Any help is welcome :)
actual htaccess
<Files ~ "\.(jpg|jpeg|png|gif)$">
Order allow,deny
allow from all
</Files>
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)fbclid=
RewriteRule ^ / [L,R=permanent]
RewriteCond %{HTTP_REFERER} !^https://mysite,com [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://externalsite,com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://externalsite2,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://mysite,com.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://mysite,com [NC,R,L]
<IfModule mod_php4.c>
php_value engine off
</IfModule>
<IfModule mod_php5.c>
php_value engine off
</IfModule>
<Files ~ "\.((php[0-9]?)|p?html?|pl|sh|java|cpp|c|h|js|rc)$">
Order allow,deny
Deny from all
</Files>
RewriteCond %{HTTP_REFERER} !^https://mysite,com [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://externalsite,com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://externalsite2,com/ [NC]
RewriteCond %{HTTP_REFERER} !^https://mysite,com.*$ [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://mysite,com [NC,R,L]
I wanted to give full access to other sites to incorporate my content ... redirecting if you access the file directly at example.com/uploads/test.gif
If you simply want to block direct access (in which case the Referer header is empty) and allow all other sites to link to your images (basically the opposite of "hotlink protection") then you can replace the above rule (that redirects such requests to the root) with the following:
RewriteCond %{HTTP_REFERER} ^$
RewriteRule \.(jpg|jpeg|png|gif)$ https://example.com/ [NC,R,L]
This redirects all direct requests to the root / home page.
(You had erroneous commas , in your original directives that would have prevented this from working?!)
HOWEVER, basing this redirect on the HTTP Referer is unreliable - you will get false positives. The Referer is sent by the browser - so the user can control (and suppress) what is sent. The website that is linking to you can also set a referrer-policy that suppresses the HTTP Referer being sent - so all requests from some sites might look like direct requests anyway and end up being blocked. There is no way around this.
The domain name 2nicksplumbing.com that is privately registered is being indexed by Google and directed to NicksPlumbing.com
I have attempted the following to block it with no luck...
Blocked the domains ip in cPanel
Deny method in .htaccess file
RewriteCond method in .htaccess file (code below)
Can anyone suggest why I cannot block this domain name from pointing to our site?
Options +FollowSymLinks
RewriteEngine On
ErrorDocument 404 https://www.nicksplumbing.com/404.html
RewriteCond %{HTTP_REFERER} 2nicksplumbing\.com [NC]
RewriteRule .* - [F]
RewriteCond %{HTTP_HOST} ^nicksplumbing\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^nicksplumbingrepair\.com [NC,OR]
RewriteCond %{HTTP_HOST} ^www.nicksplumbingrepair\.com [NC,OR]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.nicksplumbing.com/$1 [L,R=301]
RewriteCond %{THE_REQUEST} ^.*/index.html
RewriteRule ^(.*)index.html$ https://www.nicksplumbing.com/$1 [R=301,L]
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I see you've tried to block the domain using HTTP_REFERER, the other method to try is using the env=bad directive:
SetEnvIfNoCase Referer "2nicksplumbing\.com" bad_referer
SetEnvIfNoCase Referer "www\.2nicksplumbing\.com" bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer
The above will allow access to your website from everything that isn't on your bad_referer list. For more information you can read the Apache Documentation for this.
Clear your cache before testing this.
I will add however, it doesn't seem like this private domain is doing harm to your website? It is simply referring traffic to your website.
I have some rules that deny access to a contact form from certain IP addresses as below
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
#restrict access to contact form
RewriteCond %{REQUEST_URI} ^.(index.php/)?contact(.*) [NC]
RewriteCond %{REMOTE_ADDR} ^81\.136\.137\.239
RewriteRule ^(.*)$ / [F,L]
Before I put the https rewrite in the restrictions to the contact form worked OK.
After forcing all traffic to https I am able to get to the contact form even from IP addresses specifically restricted.
Is there something in the REQUEST_URI line that is not picking up https connections? (I would like it to restrict access on both http and https if possible but if not then just https)
Go to contact folder and make .htaccess and put the following code inside it :
deny from 81.136.137.239
if you have more IP add them like example above
update
If it is file try this :
RewriteEngine On
RewriteCond %{REQUEST_URI} contact
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.239
RewriteRule ^(.*)$ / [F,L]
For more IPs :
RewriteEngine On
RewriteCond %{REQUEST_URI} contact
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.239 [OR]
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.230 [OR]
RewriteCond %{REMOTE_ADDR} ^81\.136\.136\.220
RewriteRule ^(.*)$ / [F,L]
I'm having trouble connecting the dots here. Is there an in between step for changing the url within the .htaccess. This is what I have so far.
moniquetrinidadjewelry.com/necklace/product.php?id=17&product_name=enchanting%2520pearl
and the rewrite
RewriteEngine On
RewriteRule ^$necklace/([a-zA-Z]+)/([0-9]+)/$ product.php?id=$1&product_name=$2
My goal and what I believed to be set as above is a url of moniquetrinidadjewelry.com/necklace/id/product_name
I'm not entirely sure where the issue is coming from. There is no change within the address bar at refresh, reload or a start over of browse.(ie. home necklace> ect.)
Am I missing something important or have I skipped a step not within the htaccess itself?
Edit:
# Use PHP5.3 Single php.ini as default
AddHandler application/x-httpd-php53s .php
# Always use www in the domain
# Replace 'moniquetrinidadjewelry' with your domain name
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([a-z.]+)?moniuetrinidadjewelry.com$ [NC]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule .? http://www.%1moniquetrinidadjewelry.com%{REQUEST_URI} [R=301,L]
RewriteEngine on
RewriteCond %{QUERY_STRING} ^id=([0-9]+)&product_name=([a-zA-Z]+)$
RewriteRule product.php necklace/%1/%2/
# For security reasons, Option followsymlinks cannot be overridden.
#Options -MultiViews +FollowSymlinks
Options -MultiViews +SymLinksIfOwnerMatch
RewriteEngine on
# Always use www in the domain
# Replace 'moniquetrinidadjewelry' with your domain name
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([a-z.]+)?moniuetrinidadjewelry.com$ [NC]
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule .? http://www.%1moniquetrinidadjewelry.com%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteRule ^/?(.*/?)index\.(htm|html|php) /$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
ErrorDocument 404 /
<Files error_log>
order allow,deny
deny from all
</Files>
# Ultimate htaccess Blacklist 2 from Perishable Press
# Deny domain access to spammers and other scumbags
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah- ha|almaden|aktuelles|Anarchie|amzn_assoc|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoema ilspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot#yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clip ping|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|DA$|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp#gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|Get WebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead- Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub- client|Harvest|hhjhj#yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth |LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler| MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite |NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pockey|Proxy|psbot|PSurf|puf|Pump| PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT- HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|Smar tDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot |SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vac uum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by \.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft#bea|webdevil|webdownloader|We bdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|W ebsite|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|W get|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Zeus.*Webster|Zeus [NC]
RewriteRule ^.* - [F,L]
If I understand correctly, you must first capture the query string parts in a RewriteCond and then use that in a RewriteRule
RewriteCond %{QUERY_STRING} ^id=([0-9]+)&product_name=([a-zA-Z]+)$
RewriteRule product.php necklace/%1/%2/ [R,L]
This rule will fire, when there's a URL product.php?id=17&product_name=enchanting%2520pearl and rewrite it to necklace/17/enchanting%2520pearl. The client is redirected and the browser bar should show the new URL.
If you want it the other way round, this one should work
RewriteRule necklace/([0-9]+)/([a-zA-Z]+) product.php?id=$1&product_name=$2
I'm trying to help a friend whose client knee-jerked her whole site into SSL after a hacking attempt. It's wreaking havoc w/ her SEO, causing duplicate pages to be indexed, bleeding PageRank where old links no longer point to the correct URL, etc, etc.
Anyway, I modeled the .htaccess after another post on here that seemed to almost fit the bill, but I wanted to run it by the experts here to make sure that the file looked correct.
Basically, ALL pages on the site need to be redirected back to HTTP from HTTPS except a handful of html pages, some .php pages, and a .cgi script. Can you tell me if there's an easy rule to set all php pages to be HTTPS, and then set a few additional HTML pages behind HTTPS and a .cgi script? I'd really appreciate it. Here's what I've got so far:
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*
<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit GET POST>
order deny,allow
deny from all
</Limit>
AuthName thedomain.com
AuthUserFile /home/thesitename/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/thesitename/public_html/_vti_pvt/service.grp
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} page1.html
RewriteCond %{REQUEST_URI} page2.html
RewriteCond %{REQUEST_URI} page3.html
RewriteCond %{REQUEST_URI} page4.html
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteCond %{SCRIPT_FILENAME} \/page\.php [NC]
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301]
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !(auth|register|secure)
RewriteCond %{REQUEST_URI} !originalpage.php
RewriteCond %{REQUEST_URI} !cgi-script.cgi
RewriteRule ^(.*)$ http://%{SERVER_NAME}%{REQUEST_URI} [R=301]
Can you tell me if there's an easy rule to set all php pages to be HTTPS, and then set a few additional HTML pages behind HTTPS and a .cgi script?
This rule redirects all php scripts, 4 html pages, and a cgi-script to HTTPS if the request isn't HTTPS
RewriteCond %{HTTPS} off
RewriteCond ${REQUEST_URI} \.php$ [OR]
RewriteCond %{REQUEST_URI} /page1.html$ [OR]
RewriteCond %{REQUEST_URI} /page2.html$ [OR]
RewriteCond %{REQUEST_URI} /page3.html$ [OR]
RewriteCond %{REQUEST_URI} /page4.html$ [OR]
RewriteCond %{REQUEST_URI} /cgi-script.cgi$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This rule does the opposite, redirecting anything that is HTTPS and isn't a php script, those 4 html pages or the cgi-script to HTTP
RewriteCond %{HTTPS} on
RewriteCond ${REQUEST_URI} !\.php$
RewriteCond %{REQUEST_URI} !/page1.html$
RewriteCond %{REQUEST_URI} !/page2.html$
RewriteCond %{REQUEST_URI} !/page3.html$
RewriteCond %{REQUEST_URI} !/page4.html$
RewriteCond %{REQUEST_URI} !/cgi-script.cgi$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]