Solved

Need to block a URL from being requested - urgent

Posted on 2009-04-03
11
304 Views
Last Modified: 2013-11-19
Hi,
I'm not going to go in to too much detail as, to be honest, i'm a bit stuck as to the reason.  Basically, this is swamping my site with http requests.  I need to block this path, fast!!

/catalog/images/productimages/11323tn.jpghttp://www.mysite.com/catalog/images/productimages/view_page.php?section=OSHome

At what point in this path should I put in an htaccess file and what should this file say in it?
0
Comment
Question by:chriscounter07
  • 6
  • 3
  • 2
11 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24064327
Try and put this in the /productimages subfolder:

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 200 total points
ID: 24064331
Hi christcounter07,

There are a number of different ways to do this with mod-rewrite:

http://perishablepress.com/press/2009/02/03/eight-ways-to-blacklist-with-apaches-mod_rewrite/

If the number of requests is from a small pool of IPs, I would choose blacklist via IP address.  If not, blacklist via the query string.

You can do this in the .htaccess file at the site root.
0
 

Author Comment

by:chriscounter07
ID: 24064391
it is from fairly randomised IP's.  Ta for your help, should be interesting to see if I can get this resolved.  I have spent the last 2 hours blocking IP's while trying to find the flaw
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24064411
Go with the query string method, then.  I've done this before and it works after a few days.  Since this is a robot, it may not get the message right away, though.
0
 

Author Comment

by:chriscounter07
ID: 24064464
jason1178,
can you write this for me, i'm feeling a bit tired now and it's not sinking in!  i know it's relatively straight forward
0
 

Author Comment

by:chriscounter07
ID: 24066529
torimar,

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

This ensures that no pictures are shown at all.  I guess this is because it is the client that requests the images?
0
 
LVL 35

Accepted Solution

by:
torimar earned 300 total points
ID: 24067501
Yes, you are right.
I was in a hurry myself, and I read your "urgent" and "fast!!", so I did not think any further. Since you get those requests by randomized URLs, you will have to use mod_rewrite in the way suggested by jason1178.

But for the time being, until you get those mod_rewrite strings sorted out and working, you could still add the most obnoxious IPs like this:

Order allow,deny
Allow from all
Deny from _BAD_IP1_
Deny from _BAD_IP2_
Deny from _BAD_IP3_

Also, if this is really a bot, and you already have a robots.txt in your root folder, try adding an additional robots.txt right inside the folder that receives those requests:

User-agent: *
Disallow: /*?
Disallow: /*.jpg$
0
 

Author Comment

by:chriscounter07
ID: 24068298
Torimar,
I am particulary grateful for your last 3 lines of your post.  I think this will help.

I have patched the hole with the code attached, put inside the folder receiving the request.  I also put it inside website root for peace of mind.
Will keep this question open for the rest of the day while I let your post sink in.

jason1178,
I'll have to read up on your link.  It is certinly the answer but alas I am not experienced enough to just extract what I think i'll need!


<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(.*)$ - [F,L]
</IfModule>

Open in new window

0
 

Author Closing Comment

by:chriscounter07
ID: 31566430
Torimar's answer was well written and instead of repeating what Jason1178 had already said went a little further by offering a viable alternative.  Jason1178's answer was the best of the two but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24144350
Chris,

Can I ask you to clarify this part of the grading comment?

>> but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.

Who is the OP?
0
 

Author Comment

by:chriscounter07
ID: 24145648
Hi Jason,

OP as in Original Post.  More of a forum-friendly shorthand, like AFAIK (as far as I know).  Apologies it wasn't clear.

Best Regards
Chris
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Edit a page at wix.com 8 51
compact pure CSS Read More Toggle 4 73
REReplaceNoCase help 1 34
ebay devID, appID, certID, userToken 2 31
Read about why website design really matters in today's demanding market.
"In order to have an organized way for empathy mapping, we rely on a psychological model and trying to model it in a simple way, so we will split the board to three section for each persona and a scenario and try to see what those personas would Do,…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question