[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 400
  • Last Modified:

SetEnvIf and Deny from to block bad referrers

My web site is getting referrer spammed and I hate it.  So I put this in my .htaccess:

SetEnvIf Referrer ^http://(www\.)?(closeouts-central|aaacloseoutsnetwork|rstrading|poolsharp|algebra-test)\.com keep_out
Deny from env=keep_out

Which had no result.  I continued to notice spam referrals from these domains.  What's the right way to do this?
1 Solution
referer = only one 'r' here. This is a spelling mistake in the rfc

SetEnvIf Referer ^http://(www\.)?(closeouts-central|aaacloseoutsnetwork|rstrading|poolsharp|algebra-test)\.com keep_out
Deny from env=keep_out

But you'll still find those log entries, because now a 403 forbidden is logged. To avoild logging, add env=!keep_out to your logging command in httpd.conf:

CustomLog logs/access_log combined env=!keep_out
(onl log requests if env keep_out is not present)
arantiusAuthor Commented:
This is a little hard to test, but I will try that and get back to you.

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now