htaccess blocking access based on length of user agent string - .htaccess

I recently came across several cloud-based services image scraping my website and had to block them based on their User Agent string.
However, this would be very inefficient if I had to check my logs on a regular basis to find out who they are and add them to the htaccess block list.
After investigations it transpired that these bots all have user agent strings less than about 12 characters e.g. "moe".
So I was looking for a way to block user agents based on the length of the UA string. But of course you cannot perform calculations in htaccess.
So I came up with the following:
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{12}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{11}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{10}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{9}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{8}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{7}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{6}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{5}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{4}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{3}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{2}$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{1}$ [NC]
RewriteRule .*\.(js|ico|gif|jpg|png|swf|rm|mov|mpg|mpeg)$ xxxxx/hotlink.gif [F,NC,L]
I would appreciate any feedback on this if I have missed any likely characters that could be used by UA or if anyone can see any problems with this approach.
I do have all the other usual image hotlinking in place.
This is to prevent cloud services hotlinking to images from newsletters.
Thanks in advance.
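An added example, not part of the original post: this Python sketch re-implements the post's User-Agent test to show that the twelve conditions collapse into one `{1,12}` quantifier, then runs it over constructed combined-format log lines to show which short agents the character class misses. `ANY_SHORT`, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Character class copied verbatim from the post. Inside [...] the sequence ";-="
# is a range (';', '<', '='), so a literal hyphen is NOT part of the class.
UA_CLASS = r"[a-z0-9./:;-=]"
# The post's twelve conditions: one exact length each, OR-ed together.
PER_LENGTH = [re.compile(rf"^{UA_CLASS}{{{n}}}$", re.I) for n in range(12, 0, -1)]
# The same test written once with a bounded quantifier.
BOUNDED = re.compile(rf"^{UA_CLASS}{{1,12}}$", re.I)
# Hypothetical length-only variant: any characters, empty string included.
ANY_SHORT = re.compile(r"^.{0,12}$")
# Extension list from the post's RewriteRule.
ASSET = re.compile(r"\.(js|ico|gif|jpg|png|swf|rm|mov|mpg|mpeg)$", re.I)
# Apache "combined" log format: "request" status bytes "referer" "user-agent".
LOG = re.compile(r'"\S+ (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

# Constructed sample lines (documentation IP ranges, made-up agents).
SAMPLE = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /img/a.jpg HTTP/1.1" 200 512 "-" "moe"',
    '203.0.113.6 - - [01/Jan/2024:10:00:01 +0000] "GET /img/a.jpg HTTP/1.1" 200 512 "-" "img-bot/1.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /img/a.jpg HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [01/Jan/2024:10:00:03 +0000] "GET /img/a.jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"',
]

def post_rule(ua):
    """True if any of the post's twelve User-Agent conditions matches."""
    return any(p.match(ua) for p in PER_LENGTH)

def classify(line):
    """Return (ua, hit_by_post_rule, hit_by_length_only) for one log line."""
    m = LOG.search(line)
    if m is None:
        return None
    # Assumption: "-" in the log means the header was absent (empty string).
    ref, ua = ("" if m[k] == "-" else m[k] for k in ("ref", "ua"))
    path = m["path"].split("?", 1)[0]
    if ref or not ASSET.search(path):
        return (ua, False, False)  # the rule only applies to referer-less asset requests
    return (ua, post_rule(ua), bool(ANY_SHORT.match(ua)))

def same_as_bounded(agents):
    """Check that the twelve conditions and the {1,12} form agree."""
    return all(post_rule(a) == bool(BOUNDED.match(a)) for a in agents)

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

In .htaccess the single-condition form of the post's test is `RewriteCond %{HTTP_USER_AGENT} ^[a-z0-9./:;-=]{1,12}$ [NC]`.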

Related

Exclude Images from Mobile Redirect on htaccess

I am using htaccess to create a mobile redirect for my website. Basically it changes mysite.com to m.mysite.com. In the process it also changes the url of images. How can I prevent that? Below is the code I am using.
# turn on rewrite engine
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/blog/
# only detect smart phone devices if we are not on mobile site
# to prevent redirect looping
RewriteCond %{HTTP_HOST} !^m.easydestination.net$
# a bunch of smart phone devices
RewriteCond %{HTTP_USER_AGENT} "sony|symbian|nokia|samsung|mobile" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "windows ce|epoc|opera|mini|nitro" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "j2me|midp-|cldc-|netfront|mot" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up\.browser|up\.link|audiovox" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "mini|nitro|j2me|midp-|cldc" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "netfront|mot|up\.browser|up\.link" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "audiovox|blackberry|ericsson," [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "panasonic|philips|sanyo|sharp|sie-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "portalmmm|blazer|avantgo|dange" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|series60|palmsource|pocketpc" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "smartphone|rover|ipaq|au-mic," [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "alcatel|ericy|vodafone\/|wap1\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wap2\.|iPhone|android" [NC,OR]
# redirect google mobile bot
RewriteCond %{HTTP_USER_AGENT} "googlebot-mobile" [NC]
# if the request is from any one of the above devices
# redirect to mobile site
RewriteRule .? http://m.easydestination.net%{REQUEST_URI} [L,R=302]
You can add this line before the last RewriteRule:
RewriteCond %{REQUEST_URI} !\.(?:gif|jpe?g|png)$ [NC]
To exclude all files with .gif, .jpeg, .jpg and .png extensions.
Do not forget to use absolute links for those images afterwards.

Mobile Redirect Issue

So I have been trying to create a mobile redirect for a portion (service area) of my site. The way the site is built requires me to use the htaccess file to accomplish this. I have the code in and for some reason any visitors coming from Google AdWords or Map Listings are forwarded to the mobile site, whether or not they are on mobile/desktop. This is the only case where I have an issue.
My thought was to create a redirect back to the standard site from the mobile site for non-mobile visitors. Will this create a loop or will this actually work? Also, how would the code work to designate: if NOT mobile, redirect to a specific page? Here is what I have:
RewriteCond %{HTTP_ACCEPT} !text\/vnd\.wap\.wml|application\/vnd\.wap\.xhtml\+xml [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "!sony|symbian|nokia|samsung|mobile|windows ce|epoc|opera" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} !mini|nitro|j2me|midp-|cldc-|netfront|mot|up\.browser|up\.link|audiovox [NC,OR]
RewriteCond %{HTTP_USER_AGENT} !blackberry|ericsson,|panasonic|philips|sanyo|sharp|sie- [NC,OR]
RewriteCond %{HTTP_USER_AGENT} !portalmmm|blazer|avantgo|danger|palm|series60|palmsource|pocketpc [NC,OR]
RewriteCond %{HTTP_USER_AGENT} !smartphone|rover|ipaq|au-mic,|alcatel|ericy|vodafone\/|wap1\.|wap2\.|iPhone|android [NC]
RewriteRule ^mobile-homepage$ http://www.example.com/homepage [L,R=302]
You want to get rid of all the OR flags in your conditions. You don't want "Not A" or "Not B" (because then only B would make conditions true), you want "Not A" AND "Not B".
RewriteCond %{HTTP_ACCEPT} !text\/vnd\.wap\.wml|application\/vnd\.wap\.xhtml\+xml [NC]
RewriteCond %{HTTP_USER_AGENT} "!sony|symbian|nokia|samsung|mobile|windows ce|epoc|opera" [NC]
RewriteCond %{HTTP_USER_AGENT} !mini|nitro|j2me|midp-|cldc-|netfront|mot|up\.browser|up\.link|audiovox [NC]
RewriteCond %{HTTP_USER_AGENT} !blackberry|ericsson,|panasonic|philips|sanyo|sharp|sie- [NC]
RewriteCond %{HTTP_USER_AGENT} !portalmmm|blazer|avantgo|danger|palm|series60|palmsource|pocketpc [NC]
RewriteCond %{HTTP_USER_AGENT} !smartphone|rover|ipaq|au-mic,|alcatel|ericy|vodafone\/|wap1\.|wap2\.|iPhone|android [NC]
RewriteRule ^mobile-homepage$ http://www.example.com/homepage [L,R=302]
The only questionable bit is the first condition. There's no way to logically group that OR everything else.
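An added example, not part of the original answer: the Python model below evaluates the six negated conditions from this thread the way mod_rewrite chains them (conditions linked by `[OR]` form a group, and the groups are AND-ed), once with the question's `[OR]` flags and once without. `rule_fires`, `CONDS` and the two sample requests are constructed for illustration.

```python
import re

# Patterns copied from the post; every one is negated with "!" in the rule set.
CONDS = [
    ("accept", r"text\/vnd\.wap\.wml|application\/vnd\.wap\.xhtml\+xml"),
    ("ua", r"sony|symbian|nokia|samsung|mobile|windows ce|epoc|opera"),
    ("ua", r"mini|nitro|j2me|midp-|cldc-|netfront|mot|up\.browser|up\.link|audiovox"),
    ("ua", r"blackberry|ericsson,|panasonic|philips|sanyo|sharp|sie-"),
    ("ua", r"portalmmm|blazer|avantgo|danger|palm|series60|palmsource|pocketpc"),
    ("ua", r"smartphone|rover|ipaq|au-mic,|alcatel|ericy|vodafone\/|wap1\.|wap2\.|iPhone|android"),
]

# Constructed sample requests.
IPHONE = {
    "accept": "text/html,application/xhtml+xml",
    "ua": "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) "
          "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1",
}
DESKTOP = {
    "accept": "text/html,application/xhtml+xml",
    "ua": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
          "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
}

def rule_fires(request, use_or):
    """True if the redirect to the desktop homepage would be applied.

    use_or=True models the question (every condition but the last has [OR]);
    use_or=False models the answer (no [OR] flags, so all conditions are AND-ed).
    """
    # "!pattern" is true when the pattern does NOT match; [NC] is re.I here.
    results = [re.search(pat, request[var], re.I) is None for var, pat in CONDS]
    flags = [use_or] * (len(CONDS) - 1) + [False]
    groups, current = [], False
    for ok, has_or in zip(results, flags):
        current = current or ok
        if not has_or:          # end of an OR-linked group
            groups.append(current)
            current = False
    return all(groups)

if __name__ == "__main__":
    for name, req in (("iphone", IPHONE), ("desktop", DESKTOP)):
        print(name, "with OR:", rule_fires(req, True), "without OR:", rule_fires(req, False))
```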

.htaccess switch between mobile and desktop view?

I have the following htaccess file. This will redirect users to m.website.com when a mobile device is detected. This works; however, when people visit the mobile website on m.website.com they have the option to switch to desktop view (if they prefer). When they click on desktop view they will be sent to www.website.com (which at this point sends them back to m.website.com), but in this situation I would like to keep them at the original website at www.website.com. Is there a way with the COOKIE that if a certain condition is met, they will be kept on the desktop website and if that condition is not met the redirect will occur?
RewriteEngine on
RewriteBase /
RewriteCond %{QUERY_STRING} (^|&)m=0(&|$)
RewriteRule ^ - [CO=mredir:0:www.website.com]
RewriteCond %{HTTP:x-wap-profile} !^$ [OR]
RewriteCond %{HTTP:Profile} !^$ [OR]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
RewriteCond %{HTTP_HOST} !^m\.
RewriteCond %{QUERY_STRING} !(^|&)m=0(&|$)
RewriteCond %{HTTP_COOKIE} !^.*mredir=0.*$ [NC]
RewriteRule ^ http://m.website.com [R,L]

Link from mobile site after htaccess redirect to desktop version

I have a mobile version of a site http://www.m.fdl.de/
and a desktop version http://www.fdl.de/
With a .htaccess redirect I link all mobile users to the mobile version, which is running nicely.
On my mobile site I set a link in the footer that should link back to the desktop version.
I tried it with several .htaccess solutions I found on stackoverflow but with no success.
My link is always linking me back to the mobile site.
This is my .htaccess. I found it in this post: Mobile Redirect using htaccess
RewriteEngine on
RewriteBase /
# Check if this is the noredirect query string
RewriteCond %{QUERY_STRING} (^|&)m=0(&|$)
# Set a cookie, and skip the next rule
RewriteRule ^ - [CO=mredir:0:www.fdl.de]
# Check if this looks like a mobile device
# (You could add another [OR] to the second one and add in what you
# had to check, but I believe most mobile devices should send at
# least one of these headers)
RewriteCond %{HTTP:x-wap-profile} !^$ [OR]
RewriteCond %{HTTP:Profile} !^$ [OR]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
# Check if we're not already on the mobile site
RewriteCond %{HTTP_HOST} !^m\.
# Can not read and write cookie in same request, must duplicate condition
RewriteCond %{QUERY_STRING} !(^|&)m=0(&|$)
# Check to make sure we haven't set the cookie before
RewriteCond %{HTTP_COOKIE} !^.*mredir=0.*$ [NC]
# Now redirect to the mobile site
RewriteRule ^ http://m.fdl.de [R,L]
It would be very nice if someone could help me!
I might be really late, but I found out that the link to the full site must be like this:
Full Site
Hope it helped.

htaccess stop external script requests by domain match?

We've got a few sites using the same CMS and we keep getting hacked, which we're looking at now.
Problem is it's taking a while and it's really hard to find all the compromised database entries quickly.
In the meantime, how can we stop requests to external servers with htaccess?
I.e. if there's a request to an external domain's script that contains ".ru", block it?
Any help would be much appreciated!!!
best, Dan.
OK, found this article which has methods to do this:
http://stopmalvertising.com/security/securing-your-website-with-htaccess/Page-4.html
It even gives a list of other notorious robots to block:
##############################################################
# stop the hacks!
# useragents starting with
RewriteCond %{HTTP_USER_AGENT} ^atraxbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Azureus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^geohasher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PycURL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Python-urllib [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^research-scan-bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Sosospider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^xenu [NC,OR]
# user agent contains string
RewriteCond %{HTTP_USER_AGENT} ^.*onmult.ru [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*casper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*goblox [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*sun4u [NC]
RewriteRule ^(.*)$ - [F]
best, Dan.
