Develop Reference

Can't block bots in htaccess

I tried to block bad bots via htaccess with this code:
I know these are 2 ways to do so, but none of them is working, I still see the bots in the access-log: What am I doing wrong?
RewriteCond %{HTTP_USER_AGENT} ^BLEXBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SemrushBot [NC,OR]
SetEnvIfNoCase User-Agent "BLEXBot" rotbot
SetEnvIfNoCase User-Agent "SemrushBot" rotbot
<Limit POST GET HEAD PUT>
Order Allow,Deny
Allow from all
Deny from env=rotbot
</Limit>
The entries in the access log look like that:
domain.org:443 46.229.168.142 - - [22/Jul/2019:08:56:26 +0200] "GET /path/to/page/ HTTP/1.1" 403 3801 "-" "Mozilla/5.0 (compatible; SemrushBot/3~bl; +http://www.semrush.com/bot.html)"
domain.org:443 94.130.219.232 - - [22/Jul/2019:08:56:24 +0200] "GET /path/to/page/ HTTP/1.1" 403 760 "-" "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)"

Fix these rules to:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BLEXBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SemrushBot [NC]
RewriteRule ^.* - [F,L]
</IfModule>

htaccess: strip .html extension if present then rewrite

My htaccess is getting stuck in an infinite loop. I'm trying to strip the .html extension off a URL, if there is one, and then use the leftover string as a query string.
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.html\ HTTP/
RewriteRule ^(.*)\.html$ /$1 [R=302,L]
RewriteRule ^resources/blog$ /resources/blog/ [R=302,L,QSA]
RewriteRule ^resources/blog/$ resources/blog.php [L,QSA]
RewriteRule ^resources/blog/.*?([^\.\/]*)$ resources/blog.php?pname=$1 [L,QSA]
UPDATE:
Here's how it sit at this time. I've commented some stuff out while troubleshooting.
Options +SymLinksIfOwnerMatch -MultiViews
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Redirect to URL without .html extension (Pretty URL)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.html\ HTTP/
RewriteRule ^(.*)\.html$ /$1 [R=302]
# Pretty url for Couch CMS blog
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^resources/blog/.*?([^\.\/]*)$ resources/blog.php?pname=$1 [L,QSA,END]
RewriteRule ^resources/blog$ /resources/blog/ [R=302,L,QSA]
RewriteRule ^resources/blog/$ resources/blog.php [L,QSA]
# RewriteRule ^resources/blog/([1-2]\d{3})/(?:(0[1-9]|1[0-2])/(?:(0[1-9]|1[0-9]|2[0-9]|3[0-1])/)?)?$ resources/blog.php?d=$1$2$3 [L,QSA]
# RewriteRule ^resources/blog/[^\.]*?([^/\.]*)/$ resources/blog.php?fname=$1 [L,QSA]
# RewriteRule ^resources/blog/[^\.]*?([^/\.]*)$ "$0/" [R=302,L,QSA]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.+)$ $1.html [L,QSA]
</IfModule>
UPDATE 2
File structure is as follow:
/
|-- static_html_files/
|-- resources/
|----- blog.php
|----- newsletter.html
|-- .htaccess
|-- index.html
Most files are static and their URL's need to be 'prettified' by stripping the .html extension from them and then redirected to with the pretty URL.
The blog.php has to be prettified as well and the Couch CMS generated links need to be rewritten. The rule for rewriting the couch cms links is the one that keeps looping.
UPDATE 3
It seems there is a 301 redirect somewhere but I don't have a 301 in my htaccess? Not sure where to go from here or where to look for this redirect. See Redirect Check results below:
https://xxxxx.ca/resources/blog/yyyyy
HTTP/1.1 301 Moved Permanently
Date: Tue, 25 Jun 2019 20:58:31 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=poplcjkqcgd4gk57c1l3lcdjg7; path=/
Location: https://xxxxx.ca/resources/blog/yyyyy.html
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
https://xxxxx.ca/resources/blog/yyyyy.html
HTTP/1.1 302 Found
Date: Tue, 25 Jun 2019 20:58:31 GMT
Server: Apache
Location: https://xxxxx.ca/resources/blog/yyyyy
Content-Length: 263
Content-Type: text/html; charset=iso-8859-1
[RINSE & REPEAT AD NAUSEAM]
UPDATE 4
After some debugging, I seem to be having an Apache problem with mod_rewrite and 'add path info postfix' which is generally solved by specifying -MultiViews and/or adding the DPI flag to the rules but neither of these seem to solve any of my problems.

Blocked by CORS but Allow origin is *

I have added the Acces Control Allow Origin header to my htaccess file, and it is being used if i check it with cURL:
curl -I https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 17 Apr 2019 11:32:12 GMT
Content-Length: 54360
Connection: keep-alive
X-Accel-Version: 0.01
Last-Modified: Wed, 17 Apr 2019 09:31:50 GMT
ETag: "d458-586b68e298fde"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 17 Apr 2019 11:32:12 GMT
Vary: Accept-Encoding,User-Agent
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS,DELETE,PUT
But when I load this font file from another domain it still gets blocked:
Access to font at 'https://mywebsite.nl/assets/fonts/TheanoDidot-Regular.woff2' from origin 'https://myotherwebsite.nl' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Do i miss something important?
My full htaccess:
# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<filesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
</filesMatch>
# Set up caching on media files for 1 week
<filesMatch "\.(gif|jpg|jpeg|png|swf)$">
ExpiresDefault A604800
Header append Cache-Control "public"
</filesMatch>
# Set up 2 Hour caching on commonly updated files A7200
<filesMatch "\.(xml|txt|html|js|css)$">
ExpiresDefault A604800
Header append Cache-Control "proxy-revalidate"
</filesMatch>
# Force no caching for dynamic files
<filesMatch "\.(php|cgi|pl|htm)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</filesMatch>
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,POST,OPTIONS,DELETE,PUT"
</IfModule>
</FilesMatch>
#HSTS
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^www.mywebsite.nl$ [NC]
RewriteRule ^(.*)$ https://mywebsite.nl/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} "/assets/"
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
RewriteBase /
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php

Okay I already found the problem. My server is using a combination of apache and nginx. I had to add the following setting to my nginx.conf file
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
For me this was possible with DirectAdmin at custom-httpd settings

codeigniter redirects and search engine bots

I am new to codeigniter. In fact, I'm not even working on it. I'm just employed to work the SEO for a website. I only have access to the cpanel of the site, not the dashboard of the codeigniter (I wonder if there is one?)
So far I have been able to figure out everything that needs my attention. Only problem now is the search bots seems to be hitting redirects. When I tried to fetch as Bingbot, I get the following
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 12 Jun 2016 00:34:29 GMT
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
Location: http://www.domain.com/
Server: Apache
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
</body></html>
I figured it might be the redirect rules written into the .htaccess. But I really don't know what to change to allow for the bot to smoothly crawl the site. View .htaccess below.
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
What do I need to add to the .htaccess file to allow search engines crawl the site without hitting to http 301 again? Thanks

Why did you put this code in .htaccess file?
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]

Block by useragent or empty referer

A stranger bot (GbPlugin) is codifying the urls of the images and causing error 404.
I tried to block the bot without success with this in the bottom of my .htaccess, but it didn't work.
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^GbPlugin [NC]
RewriteRule .* - [F,L]
The log this below.
201.26.16.9 - - [10/Sep/2011:00:06:05 -0300] "GET /wp%2Dcontent/themes/my_theme%2Dpremium/scripts/timthumb.php%3Fsrc%3Dhttp%3A%2F%2Fwww.example.com%2Fwp%2Dcontent%2Fuploads%2F2011%2F08%2Fmy_image_name.jpg%26w%3D100%26h%3D65%26zc%3D1%26q%3D100 HTTP/1.1" 404 1047 "-" "GbPlugin"
Sorry for my language mistakes

Here's what you can put in your .htacces file
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
SetEnvIfNoCase Referer "^$" bad_user
SetEnvIfNoCase User-Agent "^GbPlugin" bad_user
SetEnvIfNoCase User-Agent "^Wget" bad_user
SetEnvIfNoCase User-Agent "^EmailSiphon" bad_user
SetEnvIfNoCase User-Agent "^EmailWolf" bad_user
SetEnvIfNoCase User-Agent "^libwww-perl" bad_user
Deny from env=bad_user
This will return:
HTTP request sent, awaiting response... 403 Forbidden
2011-09-10 11:15:48 ERROR 403: Forbidden.

May I recommend this method:
Put this is .htaccess in root of your site.
ErrorDocument 503 "Your connection was refused"
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^(Mozilla.*537.36|Mozilla.*UCBrowser\/9.3.1.344)$ [NC]
RewriteRule .* - [R=503,L]
Where
^(Mozilla.*537.36|Mozilla.*UCBrowser\/9.3.1.344)$
are the two useragents I wanted to block in this example case.
You can use regex so a useragent like
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
could be
Mozilla.*Firefox\/40.0
^means match from beginning and $ to the end so you could block just one useragent with:
ErrorDocument 503 "Your connection was refused"
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Firefox\/40.0$ [NC]
RewriteRule .* - [R=503,L]
Or add several using the | character to separate them inside ( and ) like in the first example.
RewriteCond %{HTTP_USER_AGENT} ^(Mozilla.*537.36|Mozilla.*UCBrowser\/9.3.1.344)$ [NC]
You can test it by putting your useragent in the code and then try to access the site. http://whatsmyuseragent.com/

To block empty referers, you can use the following Rule :
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^ - [F,L]
This will forbid all requests to your site if HTTP_REFERER value is empty ^$ .
To block user agents, you can use
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} opera|firebox|foo|bar [NC]
RewriteRule ^ - [F,L]
This will forbid all requests to your site if HTTP_USER_AGENT matches the Condition pattern.