Solved

Need to block a URL from being requested - urgent

Posted on 2009-04-03
11
307 Views
Last Modified: 2013-11-19
Hi,
I'm not going to go in to too much detail as, to be honest, i'm a bit stuck as to the reason.  Basically, this is swamping my site with http requests.  I need to block this path, fast!!

/catalog/images/productimages/11323tn.jpghttp://www.mysite.com/catalog/images/productimages/view_page.php?section=OSHome

At what point in this path should I put in an htaccess file and what should this file say in it?
0
Comment
Question by:chriscounter07
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
11 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24064327
Try and put this in the /productimages subfolder:

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 200 total points
ID: 24064331
Hi christcounter07,

There are a number of different ways to do this with mod-rewrite:

http://perishablepress.com/press/2009/02/03/eight-ways-to-blacklist-with-apaches-mod_rewrite/

If the number of requests is from a small pool of IPs, I would choose blacklist via IP address.  If not, blacklist via the query string.

You can do this in the .htaccess file at the site root.
0
 

Author Comment

by:chriscounter07
ID: 24064391
it is from fairly randomised IP's.  Ta for your help, should be interesting to see if I can get this resolved.  I have spent the last 2 hours blocking IP's while trying to find the flaw
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24064411
Go with the query string method, then.  I've done this before and it works after a few days.  Since this is a robot, it may not get the message right away, though.
0
 

Author Comment

by:chriscounter07
ID: 24064464
jason1178,
can you write this for me, i'm feeling a bit tired now and it's not sinking in!  i know it's relatively straight forward
0
 

Author Comment

by:chriscounter07
ID: 24066529
torimar,

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

This ensures that no pictures are shown at all.  I guess this is because it is the client that requests the images?
0
 
LVL 35

Accepted Solution

by:
torimar earned 300 total points
ID: 24067501
Yes, you are right.
I was in a hurry myself, and I read your "urgent" and "fast!!", so I did not think any further. Since you get those requests by randomized URLs, you will have to use mod_rewrite in the way suggested by jason1178.

But for the time being, until you get those mod_rewrite strings sorted out and working, you could still add the most obnoxious IPs like this:

Order allow,deny
Allow from all
Deny from _BAD_IP1_
Deny from _BAD_IP2_
Deny from _BAD_IP3_

Also, if this is really a bot, and you already have a robots.txt in your root folder, try adding an additional robots.txt right inside the folder that receives those requests:

User-agent: *
Disallow: /*?
Disallow: /*.jpg$
0
 

Author Comment

by:chriscounter07
ID: 24068298
Torimar,
I am particulary grateful for your last 3 lines of your post.  I think this will help.

I have patched the hole with the code attached, put inside the folder receiving the request.  I also put it inside website root for peace of mind.
Will keep this question open for the rest of the day while I let your post sink in.

jason1178,
I'll have to read up on your link.  It is certinly the answer but alas I am not experienced enough to just extract what I think i'll need!


<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(.*)$ - [F,L]
</IfModule>

Open in new window

0
 

Author Closing Comment

by:chriscounter07
ID: 31566430
Torimar's answer was well written and instead of repeating what Jason1178 had already said went a little further by offering a viable alternative.  Jason1178's answer was the best of the two but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24144350
Chris,

Can I ask you to clarify this part of the grading comment?

>> but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.

Who is the OP?
0
 

Author Comment

by:chriscounter07
ID: 24145648
Hi Jason,

OP as in Original Post.  More of a forum-friendly shorthand, like AFAIK (as far as I know).  Apologies it wasn't clear.

Best Regards
Chris
0

Featured Post

SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When crafting your “Why Us” page, there are a plethora of pitfalls to avoid. Follow these five tips, and you’ll be well on your way to creating an effective page.
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question