Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Need to block a URL from being requested - urgent

Posted on 2009-04-03
11
Medium Priority
?
315 Views
Last Modified: 2013-11-19
Hi,
I'm not going to go in to too much detail as, to be honest, i'm a bit stuck as to the reason.  Basically, this is swamping my site with http requests.  I need to block this path, fast!!

/catalog/images/productimages/11323tn.jpghttp://www.mysite.com/catalog/images/productimages/view_page.php?section=OSHome

At what point in this path should I put in an htaccess file and what should this file say in it?
0
Comment
Question by:chriscounter07
  • 6
  • 3
  • 2
11 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24064327
Try and put this in the /productimages subfolder:

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 800 total points
ID: 24064331
Hi christcounter07,

There are a number of different ways to do this with mod-rewrite:

http://perishablepress.com/press/2009/02/03/eight-ways-to-blacklist-with-apaches-mod_rewrite/

If the number of requests is from a small pool of IPs, I would choose blacklist via IP address.  If not, blacklist via the query string.

You can do this in the .htaccess file at the site root.
0
 

Author Comment

by:chriscounter07
ID: 24064391
it is from fairly randomised IP's.  Ta for your help, should be interesting to see if I can get this resolved.  I have spent the last 2 hours blocking IP's while trying to find the flaw
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24064411
Go with the query string method, then.  I've done this before and it works after a few days.  Since this is a robot, it may not get the message right away, though.
0
 

Author Comment

by:chriscounter07
ID: 24064464
jason1178,
can you write this for me, i'm feeling a bit tired now and it's not sinking in!  i know it's relatively straight forward
0
 

Author Comment

by:chriscounter07
ID: 24066529
torimar,

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

This ensures that no pictures are shown at all.  I guess this is because it is the client that requests the images?
0
 
LVL 35

Accepted Solution

by:
torimar earned 1200 total points
ID: 24067501
Yes, you are right.
I was in a hurry myself, and I read your "urgent" and "fast!!", so I did not think any further. Since you get those requests by randomized URLs, you will have to use mod_rewrite in the way suggested by jason1178.

But for the time being, until you get those mod_rewrite strings sorted out and working, you could still add the most obnoxious IPs like this:

Order allow,deny
Allow from all
Deny from _BAD_IP1_
Deny from _BAD_IP2_
Deny from _BAD_IP3_

Also, if this is really a bot, and you already have a robots.txt in your root folder, try adding an additional robots.txt right inside the folder that receives those requests:

User-agent: *
Disallow: /*?
Disallow: /*.jpg$
0
 

Author Comment

by:chriscounter07
ID: 24068298
Torimar,
I am particulary grateful for your last 3 lines of your post.  I think this will help.

I have patched the hole with the code attached, put inside the folder receiving the request.  I also put it inside website root for peace of mind.
Will keep this question open for the rest of the day while I let your post sink in.

jason1178,
I'll have to read up on your link.  It is certinly the answer but alas I am not experienced enough to just extract what I think i'll need!


<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(.*)$ - [F,L]
</IfModule>

Open in new window

0
 

Author Closing Comment

by:chriscounter07
ID: 31566430
Torimar's answer was well written and instead of repeating what Jason1178 had already said went a little further by offering a viable alternative.  Jason1178's answer was the best of the two but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24144350
Chris,

Can I ask you to clarify this part of the grading comment?

>> but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.

Who is the OP?
0
 

Author Comment

by:chriscounter07
ID: 24145648
Hi Jason,

OP as in Original Post.  More of a forum-friendly shorthand, like AFAIK (as far as I know).  Apologies it wasn't clear.

Best Regards
Chris
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Australian government abolished Visa 457 earlier this April and this article describes how this decision might affect Australian IT scene and IT experts.
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question