Other Server-Side Scripting

ID #319

How do I block access to my site based on certain conditions?

Applies to: Grid System, Managed Servers, VPS

You can block access to your site in a variety of different ways: by ip, file, or using any number of environment variables.

Block based on IP

To block certain IP addresses from accessing your site, use a Deny directive in an .htaccess file.

Apache's documentation explains how to do this:

http://httpd.apache.org/docs/mod/mod_access.html
http://httpd.apache.org/docs/howto/auth.html

For example, if you put the following .htaccess file in a directory, then it would operate on all directories beneath it:

Deny from 192.168.72.2
Deny From 192.168.55

The 1st Deny directive would block the exact IP address 192.168.72.2. The 2nd Deny directive would block all IP addresses fitting the pattern 192.168.55, including 192.168.55.1, 192.168.55.2, 192.168.55.254, etc.

Block access to a specific file

if you have a file underneath your DocumentRoot (accessible to a browser) that you do not want anyone to be able to view in a browser, you can block access to it with a Files directive in an .htaccess file. The .htaccess file will affect all subdirectories below the one in which the .htaccess file resides.

For example:

<FILES somefile.ext>
Order allow,deny
Deny from all
</FILES>

will deny access to any file that looks like "somefile.ext".

Please see the Apache documentation on the Files directive here.

Using environment variables

The Deny directive used above to deny specific IP ranges is also useful in conjunction with any number environment variables. Take a look at the example from this applicable article:

# Known mail harvesters
SetEnvIf User-Agent EmailCollector BAD_BOT
SetEnvIf User-Agent CherryPicker BAD_BOT

# Code Red and Nimda
SetEnvIf Request_URI ^/default.ida BAD_BOT=worm
SetEnvIf Request_URI root.exe BAD_BOT=worm

# Referrer spam
SetEnvIfNoCase Referer ^http://(www.)?xopy.com BAD_BOT=spammer
SetEnvIfNoCase Referer ^http://(www.)?aizzo.com BAD_BOT=spammer

# Bad bot, no cookie!
Order Allow,Deny
Allow from all
Deny from env=BAD_BOT


These rules are also written in a .htaccess and will affect that directory and all sub-directories below it.


Last update: 2010-11-17 15:42
Author: FAQ Admin
Revision: 1.4

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 2 (4 Votes)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ