image (hot link) blocking when no referrer (also blocking my own domain) - .htaccess

I have been trying to work through this issue for months now, without any success.
I want to block a 3rd party site where my images are displayed at. (thirdpartysite.com)*
However everything I have tried has never worked...
I believe the forum is NOT using a referrer in its image requests... so using its domain name has never worked.
I have edited my .htaccess file to block non-referrers... but now my own site/content is ALSO being redirected to the alt image.
How can I stop this 3rd party non-referrer forum from displaying my hosted images, BUT still allow my OWN domain (mydomain.com)* to display the images correctly/properly? (not the re-direct image)
RewriteEngine On
RewriteCond %{HTTP_REFERER} =""
RewriteRule .*\.(gif|jpg|jpeg|bmp|png)$ https://some-other-domain/some-image.jpg [R,NC]
-works to block the 3rd party site (which I guess is not sending a referrer, because adding that specific domain to block has never worked)
-but also seems to block/redirect all images on MY SITE as well?
RewriteEngine On
RewriteCond %{HTTP_REFERER} =""
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com(/)?.*$
RewriteRule .*\.(gif|jpg|jpeg|bmp|png)$ https://some-other-domain/some-image.jpg [R,NC]
Doesn't seem to change anything? MY domain still shows the redirected image.. (but so does the 3rd party forum site now..finally)
I have tried a slew of other entries.. but nothing has affected the 3rd party site except this:
RewriteCond %{HTTP_REFERER} =""
I'd also like to add a list of exception sites that CAN hot link, such as Arduino.cc,...etc (but who knows if they too send referrer info or not? - haven't looked into that far yet)
How can I block this 3rd party forum, that sends no referrer info... but NOT affect my own site?
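Why the second rule set behaves exactly like the first: the two RewriteCond lines are ANDed, and both are true whenever no Referer is sent. The sketch below is an added example, not part of the original post; it models that chaining in Python against constructed Referer values, and the ALLOWLIST variant and all function names are assumptions.

```python
import re

# Conditions copied from the second rule set in the question above.
POSTED = r'''
RewriteCond %{HTTP_REFERER} =""
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com(/)?.*$
'''
# Assumed alternative (not from the page): the common allowlist form.
ALLOWLIST = r'''
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?mydomain\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?arduino\.cc(/|$) [NC]
'''
COND = re.compile(r'RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)(?:[ \t]+\[([^\]]*)\])?')

def parse_conds(text):
    """Parse RewriteCond lines into (negate, is_equality, pattern, flags)."""
    conds = []
    for m in COND.finditer(text):
        pattern, flags = m.group(1), (m.group(2) or "").upper().split(",")
        negate = pattern.startswith("!")
        pattern = pattern[1:] if negate else pattern
        is_eq = pattern.startswith("=")       # ="" is a plain string compare
        conds.append((negate, is_eq, pattern[1:].strip('"') if is_eq else pattern, flags))
    return conds

def rule_fires(referer, conds):
    """Model mod_rewrite chaining: [OR] groups are ANDed with each other."""
    group_hit = False
    for i, (negate, is_eq, pattern, flags) in enumerate(conds):
        flag = re.I if "NC" in flags else 0
        hit = (referer == pattern) if is_eq else bool(re.search(pattern, referer, flag))
        group_hit = group_hit or (hit != negate)
        if "OR" in flags and i < len(conds) - 1:
            continue                           # the group continues on the next line
        if not group_hit:
            return False
        group_hit = False
    return True

# Constructed sample requests: the Referer value, "" meaning none was sent.
SAMPLES = ["", "https://mydomain.com/gallery.html",
           "https://www.arduino.cc/forum", "https://thirdpartysite.com/t/1"]

def redirected(rules):
    return [ref for ref in SAMPLES if rule_fires(ref, parse_conds(rules))]

print("posted rules redirect:", redirected(POSTED))
print("allowlist redirects  :", redirected(ALLOWLIST))
```

The posted conditions redirect only the request with no Referer, whoever sent it; the allowlist form redirects only the third-party request that does send one. A Referer rule receives the same input from a forum that sends no referrer and from a visitor whose browser sends none.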

Related

.htaccess hacked? google returns internal server error

I have been struggling with this for weeks, and would greatly appreciate any help. When I do a google search on my website, http://www.example.com, I get an internal server error. It took weeks but I finally got ahold of someone from google, and they said it wasn’t them, I needed to call godaddy. So I called godaddy, and they said I have a virus on my site, but for $300 they would clean it. I downloaded Wordfence and ran it, it cleaned up some items and says everything is now clear, but I’m still getting an internal server error.
I have pasted my htaccess file here
https://pastebin.com/NRDdFfZ0
and am wondering about the first three lines
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ maggoty-haroun.php?$1 [L]
I do have a php file called maggoty-haroun in my main site files, it just strikes me as an odd name.
https://pastebin.com/qnDu8f0k
We are a small restaurant, in a small town, badly hit by the pandemic and have been closed (curbside, delivery only) for months. Not being able to be found on google is going to be a killing blow. Is there anyone that can help?
Any help is greatly appreciated.
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ maggoty-haroun.php?$1 [L]
You need to remove these directives.
These directives may simply result in a rewrite loop, hence your 500 internal server error, so they may not have done anything too malicious, except for making your site inaccessible (bad enough).
However, what they are trying to do... for any request that comes from a search engine crawler (User-Agent) OR from someone clicking on a result in the SERPs (Referer) then internally rewrite the request to maggoty-haroun.php, passing the requested URL-path in the query string (although due to the "rewrite-loop" they will end up just passing the same URL, ie. maggoty-haroun.php).
This can only be malicious - if it was successful it will de-index your pages in the search engines (and potentially damage your ranking by indexing "other" content) and prevent anyone from reaching your site.
However, unless your site is now "clean" you can't be sure that these directives won't be added back again - so you need to keep a close eye on it.
If these directives are simply resulting in a 500 error, then your site should bounce back (since a 500 error is considered "temporary" by search engines), providing this has not been the case for too long.
I have pasted my htaccess file here ...
Wow, 4000+ lines of blocking user agents and IP addresses!?
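Keeping a close eye on a file that size is easier with a script. The following is an added example, not code from the original answer: it flags any RewriteRule whose conditions test the User-Agent or Referer against search-engine names and that rewrites to a real target, using the three injected lines quoted above as constructed sample input; the engine list and function names are assumptions.

```python
import re
from pathlib import Path

# Constructed sample: the three injected lines quoted above, then a benign
# front-controller block and a bot-blocking rule for contrast.
SAMPLE_HTACCESS = r'''
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)
RewriteRule ^(.*)$ maggoty-haroun.php?$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
RewriteCond %{HTTP_USER_AGENT} (badbot|scraper) [NC]
RewriteRule .* - [F]
'''.lstrip()

# Assumption: this name list is illustrative, extend it for your own audience.
ENGINES = re.compile(r'google|yahoo|msn|aol|bing|yandex|baidu', re.I)
VISITOR_VARS = {"HTTP_USER_AGENT", "HTTP_REFERER"}

def find_cloaking_rules(text):
    """Return (line_no, target) for rewrites gated on search-engine UA/Referer."""
    findings, pending = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond":
            pending.append((parts[1].strip("%{}"), parts[2]))
        elif directive == "rewriterule":
            gated = any(var in VISITOR_VARS and ENGINES.search(pattern)
                        for var, pattern in pending)
            # "-" means no substitution (typical for [F] blocks), so skip those.
            if gated and parts[2] != "-":
                findings.append((line_no, parts[2]))
            pending = []                      # conditions apply to one rule only
    return findings

def scan_tree(root):
    """Scan every .htaccess under root; returns {path: findings} for hits only."""
    hits = {}
    for path in Path(root).rglob(".htaccess"):
        found = find_cloaking_rules(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

print(find_cloaking_rules(SAMPLE_HTACCESS))
```

Each finding names the rewrite target, so the script file it points to can be inspected and removed along with the directives. Running `scan_tree` on the web root from a scheduled job shows whether the lines come back.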

htaccess auto redirect while attempt to view direct content

I am currently administrating some art website that contains lots of photos and other content files and it bugs me that ppl find a way around scripting and are accessing stuff directly, they download our copyright protected materials.
I was thinking about an htaccess file that does the following:
someone type in address directly to the browser: http://www.mydomain.com/photos/photo.jpg
htaccess triggers and instead of showing the content - it redirects right away to: http://www.mydomain.com/ (this is important to do redirect before picture is displayed)
redirect is extremely important not just some preventing without redirect, but if someone attempts to use software to download content via providing link to it then it rejects request
My knowledge about htaccess is really thin, I could use some help on this one
This should work:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://www\.mydomain\.com/ [NC]
RewriteRule \.(jpg|gif)$ /nolinking.html [R]
If you try to enter http://www.mydomain.com/photos/photo.jpg it will redirect you to http://www.mydomain.com/nolinking.html, but it will allow images to be loaded on pages if they are linked to.

Mobile Redirect to desktop version using htaccess

I have a website called
www.example.com
I have a mobile website called
m.example.com
Firstly I want to redirect automatically from desktop version to mobile site (if it is mobile only.. I want to detect all mobile versions)
then I want to use an htaccess to automatically redirect the main website URL to the mobile version..
However, there is a link on the mobile version that points back to the main website called
www.example.com/?nm=1 (nm mean nomobile)
I want to set cookie for this one.. (redirect to desktop site from mobile site)
If user come again after passing time ago.. I want to check have cookie.. (check www.example.com/?nm=1 set cookie earlier) if haven't cookie automatically redirect to mobile version... if have cookie want to stay in desktop version.
How can I accomplish this via htaccess without JavaScript?
This answer solves part of the problem for you. Just like that answer, I am not going to suggest a list with user-agents for you. Find a list that is suitable for you, and put it in the rule. The types of mobile devices, browsers in mobile devices etc is ever-changing, and this answer would be out-dated before I even posted it. You need to adapt that rule a little to prevent it from matching if the cookie "nomobile" is set to "1". You need a rule that sees the "nm=1" in the url and sets the cookie. You probably also want some kind of reset for that cookie, which I labeled "nm=0".
RewriteCond %{QUERY_STRING} nm=1
RewriteRule ^ - [CO=nomobile:1:localhost:10000]
RewriteCond %{QUERY_STRING} nm=0
RewriteRule ^ - [CO=nomobile:0:localhost:10000]
RewriteCond %{HTTP_USER_AGENT} ^(user-agent1|user-agent2|user-agent3|etc)$
RewriteCond %{HTTP_HOST} !^m\.example\.com$
RewriteCond %{HTTP_COOKIE} !nomobile=1
RewriteRule ^(.*)$ http://m.example.com/$1 [R,L]
Please check the documentation for cookies for the correct usage of the CO-flag on your specific site. The code above is not tested, but in theory it should work.

Blocking direct access to an URL (not a file)

A drupal site is pushing International traffic over quota on my (Plesk 10.4) server, and it looks as though much of that (~250,000 visits/month) is direct access to the URL /user/register. We are already using the botcha module to filter out spambot registrations, but that approach is resulting in two full pages being served to each bot. And while Drupal
I'm thinking that a .htaccess rule which returns a 403 response to that URL unless the referer is from the site might be the way to go, but my .htaccess-fu is not strong, and I can only find examples for blocking hot-linking of images.
What do I need to add and where?
Thanks,
Richard
You'd be checking against the HTTP referer. It's not a guaranteed way to block incoming traffic linked from a site other than yours, since the field can be easily forged. But you can try adding this to the htaccess file (above any rules that are already there):
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?your-domain\.com/ [NC]
RewriteRule ^user/register - [L,F]

Connecting two sites

I have developed a website (A) that needs to connect with another website (B), i.e. only members of B can see site A
I can limit the incoming traffic on site A with a .htaccess rule to only come from site B, but anyone would still be able to manually type in the URLs or send a link via email:
RewriteCond %{HTTP_REFERER} .
RewriteCond %{HTTP_REFERER} !sitea\.co.uk [NC]
RewriteCond %{HTTP_REFERER} !siteb\.co.uk [NC]
RewriteRule .? - [F]
Is there something I could do with cookies? This does not have to be very secure, just stop casual users viewing site A without first logging into site B.
The cleanest approach here is to have both sites managed by the same MODx install, but use a different context for each site/domain. You can then develop a simple snippet or plugin to allow access to Site A only if the user is logged in on Site B.
Try modifying the following Domain Gateway plugin to do this:
http://rtfm.modx.com/display/revolution20/Using+One+Gateway+Plugin+to+Manage+Multiple+Domains
This is simple to accomplish and even though not necessary here it is also very secure ;)
