httpd-wiki-changes mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "ScratchPad/htaccess" by pctony
Date Tue, 27 Feb 2007 22:48:29 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by pctony:
http://wiki.apache.org/httpd/ScratchPad/htaccess

The comment on the change is:
deleted non htaccess specific content.  i.e, tips for blocking domains

------------------------------------------------------------------------------
  
  == When should I use .htaccess files? ==
  
- Only when you cannot edit directly the main configuration files!
+ Only when you cannot directly edit the main configuration files!
  
  === But it's ugly having all that stuff in the main config file! ===
  
@@ -66, +66 @@

  As you can see, .htaccess files are restricted to the directory they're placed in, and thus
you can think of .htaccess files as dynamically adding the following to the master Apache
configuration:
   
  {{{
- <Directory /path/to/.htaccess> 
+ <Directory /path/to/folder-with.htaccess> 
   #.htaccess content goes here
  </Directory>
  }}}
  
  == How do I use .htaccess files? ==
  
- .htaccess files are containers for (certain) Apache directives. Note that some directives
might be ignored due to Override configuration in the main config files.
+ .htaccess files are containers for (certain, restricted) Apache directives. Note that some
directives might be ignored due to Override configuration in the main config files.
  
  == How can I prevent users from using .htaccess, or how define what can they do with them?
==
  
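Review bot: In the `{{{ }}}` example, the new placeholder `<Directory /path/to/folder-with.htaccess>` reads as a directory literally named "folder-with.htaccess"; a form such as `<Directory /path/to/directory-containing-htaccess>` would be less ambiguous. In the "How do I use .htaccess files?" paragraph, "(certain, restricted)" is redundant, and "Override configuration" would be clearer if it named the AllowOverride directive, which is the setting the following heading asks about.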
@@ -102, +102 @@

  
  You can do it by sshing in to yourdomain.com and using pico, a user-friendly text editor.
All the commands for its use appear at the bottom of the page (^ means ''press the Control
key.'') Just change to the directory in which you want to use .htaccess, and type "pico .htaccess"
to get started with a blank .htaccess file.
  
- == How do I block certain IPs from accessing my site or directory? ==
- It's pretty easy!  All you have to do is file in the directory you'd like to restrict (your
main directory to restrict the entire site) and then put the following in it:
- 
- {{{
-  <Limit GET>
-  order allow,deny
-  allow from all
-  deny from 123.142.124.152
-  deny from 124.24.
-  </LIMIT>
- }}}
- 
- 
- You can put whole ips or just the beginning part you'd like to match, and you can add more
and more ips, each with its own line!   When somebody's ip is banned, they will get a 403
error (access forbidden) when trying to visit your site.
- 
- 
- == How do I block people coming from a certain website or URL from visiting my site or directory?
==
- 
- It's actually very similar to [[KB / Unix / .htaccess files| blocking people by IP]]! Again,
you need to add some lines to an .htaccess text file that you create in the home directory
of your web site.
- 
- Here is some example code for giving everybody who comes to you from www.yahoo.com or www.google.com
an (access denied):
- 
- {{{
-  SetEnvIfNoCase Referer "^http://www.google.com/" BadReferrer
-  SetEnvIfNoCase Referer "^http://www.yahoo.com/" BadReferrer
-  order deny,allow
-  deny from env=BadReferrer
- }}}
- 
- Another way to block people where you end up just redirecting them to a different url involves
using the "[http://httpd.apache.org/docs/mod/mod_rewrite.html mod_rewrite]" functionality
of our web server. Here's how to block everybody from www.yahoo.com and www.google.com again
(put this in your .htaccess file):
- 
- {{{
-  RewriteEngine On
-  RewriteCond %{HTTP_REFERER} ^http://www.yahoo.com/
-  RewriteRule /* http://www.yoursite.com/restricted_url.html [R,L]
-  RewriteCond %{HTTP_REFERER} ^http://www.google.com/
-  RewriteRule /* http://www.yoursite.com/restricted_url.html [R,L]
- }}}
- 
- 
- == Force a server to only use SSL and fix double logins ==
- If you really want to be sure that your server is only serving documents over an encrypted
SSL channel ''(you wouldn't want visitors to submit a htaccess password prompt on an unencrypted
connection)'' then you need to use the '''SSLRequireSSL''' directive with the +StrictRequire
Option turned on.
- 
- {{{
-  SSLOptions +StrictRequire
-  SSLRequireSSL
-  SSLRequire %{HTTP_HOST} eq "site.com" #or www.site.com
-  ErrorDocument 403 https://site.com
- }}}
- 
- The cool thing about using mod_ssl instead of mod_rewrite to force SSL is that apache gives
mod_ssl priority ABOVE mod_rewrite so it will always require SSL.  ''(may be able to get around
first method using http://site.com:443 or https://site.com:80)''
- * An in-depth article about what this is doing can be found in the [http://www.htaccesselite.com/htaccess/redirecting-all-or-part-of-a-server-to-ssl-vt61.html
SSL Forum]
- 
- 
- 
- == How do I stop others from "hotlinking" my files? ==
- "Hotlinking" is when somebody displays an image (or any type of file actually) on somebody
else's web site directly inline on their site!  There's nothing particularly '''wrong''' with
that, it's a big part of how the WWW was designed to work. However, it does "steal" the bandwidth
of the original site, and could possibly infringe on a copyright.
- 
- ==== Blocking specific domains ====
- The following code will return a '''403 Forbidden''' error instead of the requested image,
but only when the image has been requested by ''badsite.net'' or ''badsite.com'':
- {{{
-  RewriteEngine On
-  RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR]
-  RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC]
-  RewriteRule \.(jpe?g|gif|png)$ - [F]
- }}}
- Note that in the above example, only images are being protected. To protect other resources,
such as video and audio files, add additional extensions to the <code>Rewrite Rule</code>
parentheses block.
- 
- ==== Blocking most domains ====
- The following code will return a '''403 Forbidden''' error instead of the requested resource,
unless requested from example.com or livejournal.com (note that one of the allowed sites should
be the domain where the resource is actually used):
- {{{
- RewriteEngine On
- RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^http://(www\.)?livejournal\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^$
- RewriteRule \.(jpe?g|gif|png)$ - [F]
- }}}
- 
- ==== Blocking all domains ====
- The following code will return a '''403 Forbidden''' error instead of the requested resource,
unless the referrer is example.com, which should be changed to the domain of the site where
the image is used:
- {{{
- RewriteEngine On
- RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^$
- RewriteRule \.(jpe?g|gif|png)$ - [F]
- }}}
- 
- === Replacing images ===
- This method will '''still''' result in bandwidth theft, but it will protect your images.
Bandwidth theft may reduce eventually as people learn linking your images will not work.
- 
- ==== Replacing the image ====
- The following code will cause the remote server to display '''no_hotlink.jpg''' instead
of the requested image:
- {{{
- RewriteEngine On
- RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
- RewriteCond %{HTTP_REFERER} !^$
- RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]
- }}}
- 
- ==== Allow certain hotlinking ====
- The following code will cause the remote server to display '''no_hotlink.jpg''' instead
of the requested image, unless the image has been requested from a specified directory ("'''dir'''"):
- {{{
- RewriteEngine On
- RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/dir/ [NC]
- RewriteCond %{HTTP_REFERER} !^$
- RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]
- }}}
- 
- ==== Block specific domains ====
- The following code will cause the remote server to display '''no_hotlink.jpg''' instead
of the requested image, but only when the image has been requested by ''badsite.net'' or ''badsite.com'':
- {{{
- RewriteEngine On
- RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.net/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://(www\.)?badsite\.com/ [NC]
- RewriteRule \.(jpe?g|gif|png)$ images/no_hotlink.jpg [L]
- }}}
- 
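Review bot: The change comment calls this content not .htaccess specific, but the hunk leaves no pointer to where the IP-blocking, referrer, SSL and hotlinking recipes go, and it keeps the paragraph about sshing in to yourdomain.com and using pico, which is just as host-specific; either drop that paragraph too or add a link to the recipes' new home. If the recipes are re-homed rather than discarded, two points should be fixed first: the `<Limit GET>` block restricts only the listed method, so requests using other methods such as POST are not covered, and every Referer-based rule depends on a header the client supplies, so those rules suit hotlink deterrence but not access control.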
