Is this really right?

I’m trying to block some refer spam from my site, from the material I’ve read I “Think” I have this right and in the correct location … can anyone confirm or deny what I’ve done?

<IfModule mod_headers.c>
	Header unset ETag
	FileETag None
	<FilesMatch "\\.(ico|flv|jpg|jpeg|png|gif|js|css)$">
		Header unset Last-Modified
		Header set Expires "Fri, 21 Dec 2020 00:00:00 GMT"
		Header set Cache-Control "public, no-transform"

<IfModule mod_rewrite.c>
	RewriteEngine	On
	RewriteBase	/

RewriteCond %{HTTP_REFERER} ( [NC,OR]
RewriteCond %{HTTP_REFERER} (semalt\\.com) [NC,OR]
RewriteCond %{HTTP_REFERER} ( [NC,OR]
RewriteRule .* - [F]

	RewriteCond	%{QUERY_STRING} ^$
	RewriteRule	^((.)?)$	index.php?p=home [L]

	RewriteCond %{REQUEST_FILENAME} -f
	RewriteRule ^(.*)$ $1 [QSA,L]

	RewriteCond	$1 "/home/########/public_html"
	RewriteRule	^(.+)$ / [L]

	RewriteCond	$1 !^(\\#(.)*|\\?(.)*|cgi-bin\\/(.)*|content\\/(.)*|forum\\/(.)*|robots\\.txt(.)*|images\\/(.)*|SAVE\\/(.)*|login\\.php(.)*|\\.htaccess\\.back(.)*|error_log(.)*|ioncube\\/(.)*|\\.ftpquota(.)*|checkbox\\.png(.)*|admin\\.php(.)*|download\\.php(.)*|index\\.php(.)*|\\.htaccess(.)*|readme\\.txt(.)*)
	RewriteRule	^(.+)$ index.php?url=$1&%{QUERY_STRING} [L]

<IfModule mod_deflate.c>
	<FilesMatch "\\.(js|css|ico|flv|jpg|jpeg|png|gif)$">
		SetOutputFilter DEFLATE

<Files 403.shtml>
order allow,deny
allow from all

Well Apparently not… If I FTP that to my root DIR I get a 403 error… If I delete the “RewriteCond %{HTTP_REFERER}” I can access my site again.

So I dont know whats wrong.


You’ve hit on a pet peeve of mine as well as a bit of bad mod_rewrite code.

First, if at all possible, put any/ALL <IfModule> blocks in the httpd.conf where they’ll be read ONCE. Putting them in the .htaccess files makes each one be read MULTIPLE times for every request … and milliseconds/machine cycles do add up!

Admittedly, I didn’t go through your long RewriteCond in the last RewriteRule; the first # was enough for me to throw my hands in the air and give up. However, you don’t need to escape the / character as you’ve done there.




Thank you very much for the input…
I do fully admit I’m a total Numb-Nut with this and have “No” Idea what the hell I’m doing… But!, I am in the process of going over the comments you’ve made and currently reading pages of info on the Apache site trying to figure out what your referring to… I did edit out the “OR” and ftp’d the file but it still returned a error…Alas there seems to be allot that I need to do… This file was in the install of the cart I use for my site so I can only “Assume” its whats needed, but damn if I know…
All I’m trying to do is reduce the Huge amount of referrer spam


Sorry for my long absence.

The “Article” linked in my signature is a tutorial on mod_rewrite (which has helped many SitePoint members over the last 10+ years). I suggest that as your first stop to help your mod_rewrite code.

There is a saying that any publicity is good publicity so don’t overlook the value of referrer SPAM (unless their visitors are defacing your website, of course). There are blocks of mod_rewrite code (from very basic to horrendously long - which should NOT be in an .htaccess file [use httpd.conf instead]) which block SPAMbots and “scrapers” but, IMHO, it’s futile to spend more than an hour in that exercise. Best to ensure that your code is “tight” (all visitor input carefully checked before it’s allowed to do anything on your server).



Thanks for the time and input you’ve made… And More So… Thank You for spending the time on your tutorial!. I have a long way to go, but the best place to start now is on your page… Thank you Very Much…


Oh, my! Thanks for your response.

That tutorial was created when I was a Mentor and through my years as the Hosting Team Leader. It has served SitePoint members well over the years (and I do try to keep it up to date).