Solved

Need to block a URL from being requested - urgent

Posted on 2009-04-03
11
306 Views
Last Modified: 2013-11-19
Hi,
I'm not going to go in to too much detail as, to be honest, i'm a bit stuck as to the reason.  Basically, this is swamping my site with http requests.  I need to block this path, fast!!

/catalog/images/productimages/11323tn.jpghttp://www.mysite.com/catalog/images/productimages/view_page.php?section=OSHome

At what point in this path should I put in an htaccess file and what should this file say in it?
0
Comment
Question by:chriscounter07
  • 6
  • 3
  • 2
11 Comments
 
LVL 35

Expert Comment

by:torimar
ID: 24064327
Try and put this in the /productimages subfolder:

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 200 total points
ID: 24064331
Hi christcounter07,

There are a number of different ways to do this with mod-rewrite:

http://perishablepress.com/press/2009/02/03/eight-ways-to-blacklist-with-apaches-mod_rewrite/

If the number of requests is from a small pool of IPs, I would choose blacklist via IP address.  If not, blacklist via the query string.

You can do this in the .htaccess file at the site root.
0
 

Author Comment

by:chriscounter07
ID: 24064391
it is from fairly randomised IP's.  Ta for your help, should be interesting to see if I can get this resolved.  I have spent the last 2 hours blocking IP's while trying to find the flaw
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24064411
Go with the query string method, then.  I've done this before and it works after a few days.  Since this is a robot, it may not get the message right away, though.
0
 

Author Comment

by:chriscounter07
ID: 24064464
jason1178,
can you write this for me, i'm feeling a bit tired now and it's not sinking in!  i know it's relatively straight forward
0
 

Author Comment

by:chriscounter07
ID: 24066529
torimar,

Order allow,deny
Deny from all
Allow from mysite.com
Allow from (_add_IP_of_mysite.com)

This ensures that no pictures are shown at all.  I guess this is because it is the client that requests the images?
0
 
LVL 35

Accepted Solution

by:
torimar earned 300 total points
ID: 24067501
Yes, you are right.
I was in a hurry myself, and I read your "urgent" and "fast!!", so I did not think any further. Since you get those requests by randomized URLs, you will have to use mod_rewrite in the way suggested by jason1178.

But for the time being, until you get those mod_rewrite strings sorted out and working, you could still add the most obnoxious IPs like this:

Order allow,deny
Allow from all
Deny from _BAD_IP1_
Deny from _BAD_IP2_
Deny from _BAD_IP3_

Also, if this is really a bot, and you already have a robots.txt in your root folder, try adding an additional robots.txt right inside the folder that receives those requests:

User-agent: *
Disallow: /*?
Disallow: /*.jpg$
0
 

Author Comment

by:chriscounter07
ID: 24068298
Torimar,
I am particulary grateful for your last 3 lines of your post.  I think this will help.

I have patched the hole with the code attached, put inside the folder receiving the request.  I also put it inside website root for peace of mind.
Will keep this question open for the rest of the day while I let your post sink in.

jason1178,
I'll have to read up on your link.  It is certinly the answer but alas I am not experienced enough to just extract what I think i'll need!


<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteRule ^(.*)$ - [F,L]
</IfModule>

Open in new window

0
 

Author Closing Comment

by:chriscounter07
ID: 31566430
Torimar's answer was well written and instead of repeating what Jason1178 had already said went a little further by offering a viable alternative.  Jason1178's answer was the best of the two but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.
0
 
LVL 70

Expert Comment

by:Jason C. Levine
ID: 24144350
Chris,

Can I ask you to clarify this part of the grading comment?

>> but the OP suggested I didn't know enough about htaccess and was just after a bit of code to be written for me.

Who is the OP?
0
 

Author Comment

by:chriscounter07
ID: 24145648
Hi Jason,

OP as in Original Post.  More of a forum-friendly shorthand, like AFAIK (as far as I know).  Apologies it wasn't clear.

Best Regards
Chris
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question