[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Need to block a URL from being requested - urgent

Posted on 2009-04-03
11
Medium Priority
?
320 Views
Last Modified: 2013-11-19
Hi,
I'm not going to go in to too much detail as, to be honest, i'm a bit stuck as to the reason.  Basically, this is swamping my site with http requests.  I need to block this path, fast!!

/catalog/images/productimages/11323tn.jpghttp://www.mysite.com/catalog/images/productimages/view_page.php?section=OSHome

At what point in this path should I put in an htaccess file and what should this file say in it?
0
Comment
Question by:chriscounter07
  • 6
  • 3
  • 2
11 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24064327
Try and put this in the /productimages subfolder:

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 800 total points
ID: 24064331
Hi christcounter07,

There are a number of different ways to do this with mod-rewrite:

http://perishablepress.com/press/2009/02/03/eight-ways-to-blacklist-with-apaches-mod_rewrite/

If the number of requests is from a small pool of IPs, I would choose blacklist via IP address.  If not, blacklist via the query string.

You can do this in the .htaccess file at the site root.
0
 

Author Comment

by:chriscounter07
ID: 24064391
it is from fairly randomised IP's.  Ta for your help, should be interesting to see if I can get this resolved.  I have spent the last 2 hours blocking IP's while trying to find the flaw
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24064411
Go with the query string method, then.  I've done this before and it works after a few days.  Since this is a robot, it may not get the message right away, though.
0
 

Author Comment

by:chriscounter07
ID: 24064464
jason1178,
can you write this for me, i'm feeling a bit tired now and it's not sinking in!  i know it's relatively straight forward
0
 

Author Comment

by:chriscounter07
ID: 24066529
torimar,

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

This ensures that no pictures are shown at all.  I guess this is because it is the client that requests the images?
0
 
LVL 35

Accepted Solution

by:
torimar earned 1200 total points
ID: 24067501
Yes, you are right.
I was in a hurry myself, and I read your "urgent" and "fast!!", so I did not think any further. Since you get those requests by randomized URLs, you will have to use mod_rewrite in the way suggested by jason1178.

But for the time being, until you get those mod_rewrite strings sorted out and working, you could still add the most obnoxious IPs like this:

Order allow,deny
Allow from all
Deny from _BAD_IP1_
Deny from _BAD_IP2_
Deny from _BAD_IP3_

Also, if this is really a bot, and you already have a robots.txt in your root folder, try adding an additional robots.txt right inside the folder that receives those requests:

User-agent: *
Disallow: /*?
Disallow: /*.jpg$
0
 

Author Comment

by:chriscounter07
ID: 24068298
Torimar,
I am particulary grateful for your last 3 lines of your post.  I think this will help.

I have patched the hole with the code attached, put inside the folder receiving the request.  I also put it inside website root for peace of mind.
Will keep this question open for the rest of the day while I let your post sink in.

jason1178,
I'll have to read up on your link.  It is certinly the answer but alas I am not experienced enough to just extract what I think i'll need!


<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(.*)$ - [F,L]
</IfModule>

Open in new window

0
 

Author Closing Comment

by:chriscounter07
ID: 31566430
Torimar's answer was well written and instead of repeating what Jason1178 had already said went a little further by offering a viable alternative.  Jason1178's answer was the best of the two but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24144350
Chris,

Can I ask you to clarify this part of the grading comment?

>> but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.

Who is the OP?
0
 

Author Comment

by:chriscounter07
ID: 24145648
Hi Jason,

OP as in Original Post.  More of a forum-friendly shorthand, like AFAIK (as far as I know).  Apologies it wasn't clear.

Best Regards
Chris
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Magento is the best technology for eCommerce start-ups as it offers the technical expertise and visual appeal to create a store that pulls sales and earns high ROI (Return on investment).
This article is about the challenges faced by Android app developers.
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

613 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question