SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member
    Join Date
    Aug 2002
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question I need Code Help. URL Referral Blocking / Domain Blocking / IP Blocking on my web pg

    Someone once posted my URL on their Yahoo! Profile page, someone I didn't want to communicate with. I needed a code to redirect my page to go somewhere else only when it came from that page. Some taught me this code:
    Here's a little javascript I just wrote for you. Remember to surround this with script tags and within the head section of your html doc. and change the values of the variables to the URL that is linking to you (BLOCKED_URL), and the URL you want to forward those visitors to (FORWARDING_URL)

    var BLOCKED_URL = 'http://profiles.yahoo.com/yahooID';
    var FORWARDING_URL = 'http://www.yahoo.com';

    if(document.referrer==BLOCKED_URL)
    {
    location.href=FORWARDING_URL;
    }
    The above was placed into the HTML code and worked perfectly.

    Next, earlier this week, I've got someone harassing me - on purpose - by continuously posting my URL's on a particular forum (let's call it http://forums.thesite.org ). The admin has removed the posts 4 times already and has recently blocked his domain for a few days.

    One thing I've done about this is set up the HTML code (in all my files, this was quite tedeous) as follows:
    <script language="JavaScript">
    var b = 'forums.thesite.org';
    if (document.referrer.indexOf(b)!=-1){
    location.href='http://www.a_404_page_location.net/';
    }</script>
    With this, anytime someone clickes on any of my pages that's posted anywhere on the forum http://forums.thesite.org/**** - including all downstream files and directories - it would not go to my page and would re-direct to a 404 page error page. This has been working perfectly also, but I do have to enter this HTML code into each and every file.

    Now for my specific questions and what I need help on:

    Questions

    1) If I know the domain of the individual that going to my page ( i.e. www.ISP_Provider.net ), how can I create a code such that anytime an individual who's ISP is www.isp_provider.net , to reject and completely block my site from this domain? That way, since we know his domain, we can prevent the abuser from accessing my site from his home.

    Of course, would not do this with aol, etc., but this is a unique domain, so unique that the forum site has completely block this domain for a short while. I would like to block this domain completely.

    If someone is using www.ISP_provider.net as their ISP, they can't access my page, period.


    2) Currently, as noted above, I'm able to reject anything coming from http://forums.thesite.org and redirecting it to a page not found page.

    If I know that the IP address of http://forums.thesite.org is, for example, 34.234.23.34 , how can I write a code to block all links to my page coming from that area?

    I'm currently blocking all links from

    'forums.thesite.org'

    but I want to block the same way using an IP address instead.

    Thanks in Advance
    Last edited by site19; Dec 4, 2002 at 22:21.

  2. #2
    ********* Callithumpian silver trophy freakysid's Avatar
    Join Date
    Jun 2000
    Location
    Sydney, Australia
    Posts
    3,798
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Handing these redirects at the client level, using javascript, is not the optimal method. Firstly, it is inefficient to serve the request if you don't want the client to see the web page. Secondly, the client can simply turn javascript off to cicumvent your control.

    Assuming you are using an apache web server the optimal place to handle this issue is in a .htaccess file using mod_rewrite. However, if your web host doesn't allow you to use rewrite rules in .htaccess files, the next best method would be using a server side script in something like php.

    The advantage of using rewrite rules in an .htaccess file is you only need the one file to cover all the files in your document root directory and below. So let's look at this method.

    Here is what you would want in your .htaccess file

    Let's assume:
    1) You want to ban requests from the following IP numbers:
    123.123.123.1
    123.123.123.2

    2) You want to ban requests referred from xyz.com (ie, you want to ban users who have followed a link at the xyz.com website.

    3) You want to ban remote users who are connecting via ISP foo.com

    Code:
    RewriteEngine On
    
    RewriteCond {%HTTP_FORWARDED} 123.123.123.1 [OR]
    RewriteCond {%HTTP_FORWARDED} 123.123.123.2 [OR]
    RewriteCond {%REMOTE_ADDR} 123.123.123.1 [OR]
    RewriteCond {%REMOTE_ADDR} 123.123.123.2 [OR]
    RewriteCond {%ENV:REMOTE_HOST} foo\.com [NC,OR]
    RewriteCond {%HTTP_REFERER} xyz\.com [NC]
    RewriteRule .* http://www\.yahoo\.com [L]
    Alternatively, instead of redirecting the user, you can return a 403 Forbidden response:

    RewriteRule .* [F]

    Look here for a reference: http://httpd.apache.org/docs/mod/mod_rewrite.html

    Don't assume the code above is correct or bug free. It's untested. If you want to persue the .htaccess angle further PM me and let me know and I will move the thread into the Apache forum where you will get more help.


  3. #3
    FreeBSD The Power to Serve silver trophy pippo's Avatar
    Join Date
    Jul 2001
    Location
    Italy
    Posts
    4,514
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,
    I could add only some syntax corrections:

    a)
    RewriteCond {%REMOTE_HOST} foo\.com [NC,OR]
    no need of ENV:

    b)
    RewriteRule .* - [F]
    you need to add -

    I admit that I have not too much experience about banning visitors...



    pippo
    Mr Andrea
    Former Hosting Team Advisor
    Former Advisor of '03


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •