how to block empty referrer in .htaccess? i've read this topic to deny visitors by referrer but I want to deny referrer if it is empty. Thanks
To deny the empty referer, you can use :
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^ - [F,L]
RewriteCond
ition checks to see that the referer value is empty ^$
, if it is empty then the rule redirects to forbid the request.
Related
I have .htaccess in /domainName folder with rule Deny from all and some other rules.
After this if i type :
http://www.domainName.com - i am redirected correctly
http://www.domainName.com/uri - i am redirected correctly
domainName.com - i am getting the error You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
Structure:
/domainName/
/domainName/.htaccess
/domainName/public
/domainName/public/.htaccess
/domainName/.htaccess
RewriteEngine On
RewriteBase /
Options -MultiViews
Redirect https://domainName.com https://www.domainName.com/public/index\.php
Redirect https://www.domainName.com https://www.domainName.com/public/index\.php
Redirect http://domainName.com https://www.domainName.com/public/index\.php
Redirect http://www.domainName.com https://www.domainName.com/public/index\.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI}
#1# the error You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
# Deny from all
#2#does not give errors, but i am not able to access https://www.domainName.com/public/index.php, dditionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
#<FilesMatch ".">
# Deny from all
#</FilesMatch>
#3# gives errors, about wrong configuration
# <DirectoryMatch ".">
# Deny from all
# </DirectoryMatch>
Seems, that one has to redirect in case of deny:
Deny from all
ErrorDocument 403 https://www.somedomain.com/public/index.php/
If redirect in case of deny, there will not be the error for url somedomain.com, or www. somedomain.com
Structure:
/domainName/
/domainName/.htaccess
/domainName/public
/domainName/public/.htaccess
When in somedomain.com/public/ there shall be another .htaccess, whith rule Allow from all.
Full .htacess
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
Options -MultiViews
DirectoryIndex /public/index.php
#redirect to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#[L,R=301]
# Now, rewrite any request to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Deny from all
ErrorDocument 403 https://www.somedomain.com/public/index.php/
In somedomain.com/public/ there shall be another .htaccess, whith rule Allow from all.
the error You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
This question is not the same as How to Block Spam Referrers like darodar.com from Accessing Website? as that question hightlight on how to block a specific referer.
This question is about to block any request with Referer set and give them a 404 error.
RewriteCond %{HTTP_REFERER} .
RewriteRule .* - [F]
Hope that helps.
Try in htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://(www\.)?example.com [NC]
RewriteRule ^ - [R=404,L]
The example above returns a 404 not found error for all referers from http://www.example.com , you can change the example.com string to domain.com your desired domain to block their referer.
Currently I'm blocking certain users IP addresses using
<Limit GET POST>
order allow,deny
allow from all
deny from 3.0.0.0/8
deny from 4.0.0.0/8
deny from 5.152.184.0/21
deny from 6.0.0.0/7
deny from 8.0.0.0/7
deny from 11.0.0.0/8
</Limit>
Which then once the 403 error is triggered, is redirecting them to a new domain using
ErrorDocument 403 http://www.domain.com
My question is instead of 403 redirecting them to the external domain, simply do a 301 redirect for the given url to the new domain.
Basicall, how can I trigger this code
RewriteCond %{HTTP_HOST} \olddomain.com$
RewriteRule ^(.*)$ http://newdomain.com/$1 [R=301,L]
For the IP addresses which I am denying?
You can get rid of your <Limit> container and use mod_rewrite like this:
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(GET|POST)$
RewriteCond %{REMOTE_ADDR} ^((3|4|6|8|11)\.|5\.152\.(184\.185\.186\.187\.188\.189\.190\.191))
RewriteCond %{HTTP_HOST} olddomain\.com$
RewriteRule ^(.*)$ http://newdomain.com/$1 [R=301,L]
I need to block all requests to my site if the referrer is equal to, for example, siteb.com UNLESS the URL being requested is equal to mysite.com/pagex/?random-variable
So if the referrer is siteb.com and the URL being requested is anything other than mysite.com/pagex/?random-variable, my .htaccess file should block the request, otherwise it should be allowed through. If the referrer is not siteb.com, nothing should be done.
I've gotten as far as this:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} siteb\.com [NC]
RewriteRule .* - [F]
However that just blocks ALL requests when the referrer is siteb.com. I need to allow requests to mysite.com/pagex/?random-variable when the referrer is siteb.com
You can add one more condition to your rule to allow /pagex/?random-variable:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} siteb\.com [NC]
RewriteCond %{THE_REQUEST} !/pagex?random-variable [NC]
RewriteRule ^ - [F]
I'd like to implement 301 redirection from http://www.onbip.com/index-en.html to http://www.onbip.com/
In htaccess file I have:
RewriteRule ^.htaccess$ - [F,L] #403 Forbidden
RewriteRule ^inc/ - [F,L]
RewriteCond %{HTTP_HOST} ^onbip\.com
RewriteRule ^(.*)$ http: //www.onbip.com/$1 [R=permanent,L]
RewriteRule ^index-([^\.]+)\.html$ index.php?lang=$1 [L]
I Need to standardize the default page which will be http://www.onbip.com/
How?
In your httpd.conf file, there should already be a line to forbid access to .ht* files that will probably look like this:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
If you want to be redundent, using Files or FilesMatch to protect it would probably be good. If you want to use Rewrite for this, you could throw a 404 as though it doesn't exist.
Here is a redirect (not a mod_rewrite) for a directory /inc to a 404 page
This is at http://httpd.apache.org/docs/2.0/mod/mod_alias.html
Redirect 404 /inc
Now for rewrite
see http://httpd.apache.org/docs/current/mod/mod_rewrite.html
#Set the page (and order of if they are there) to be shown if asked for a directory
#just put index.php if that's all you want
DirectoryIndex index.php index.html
RewriteEngine on
# if not www.onbip.com, then send to http://www.onbip.com
RewriteCond %{HTTP_HOST} !^www\.onbip\.com [NC]
RewriteRule ^(.*)$ http://www.onbip.com/$1 [R=301,NC,L]
# Now if entered "/index-ab.html" then call "/?lang=ab"
# You might want to see about the regex for proper lang, I put something like "en" or "us-en"
RewriteBase /
RewriteRule ^index-([a-z]{2}(-[a-z]{2})?)\.html$ ?lang=$1 [R=301,NC,L]
The last will call "/" from the server which will be "index.php" first if it exists according to directory index.