Hi Everybody,
I have never used mod-rewrite and Rewrite rules before, and I am stuck in a couple of spots.
Background / Context: For many many months now, there have been several tens of accesses per day to a certain page on my web site with a forged referrer. The source IP addresses do not repeat, or if they do, not often. The page is never fully downloaded, meaning the figures and other context are never fetched. The forged referrer URL is actually the root page for my own site, and that page does NOT contain a link to the page in question. I have no clue as to the purpose for doing this nor what purpose it could possibly serve, other than maybe content linked from elsewhere. Anyway, I decided to try to block delivery for this use case.
I have one scenario sort of working, however it is also blocking legitimate attempts to access the page. Here is the rule set (I have added zzz to my domain name, just to throw off bots):
Code:
doug@doug-64:~/public_html$ cat .htaccess
RewriteEngine on
RewriteCond %{REQUEST_URI} /~doug/strange_get.html
RewriteCond %{HTTP_REFERER} http://www.smythieszzz.com/
RewriteRule .* - [G]
And here are some access attempts, where the ones from the internal IP address are legitimate:
Code:
198.50.236.156 - - [14/Sep/2013:06:17:57 -0700] "GET /~doug/strange_get.html HTTP/1.1" 410 584 "http://www.smythieszzz.com/" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
108.163.221.46 - - [14/Sep/2013:06:41:30 -0700] "GET /~doug/strange_get.html HTTP/1.0" 410 584 "http://www.smythieszzz.com/" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
192.168.111.101 - - [14/Sep/2013:07:16:41 -0700] "GET /~doug/strange_get.html HTTP/1.1" 410 583 "http://www.smythieszzz.com/~doug/index.html" "Mozilla/5.0 (Windows NT 6.0; rv:23.0) Gecko/20100101 Firefox/23.0"
192.168.111.101 - - [14/Sep/2013:07:20:23 -0700] "GET /~doug/strange_get.html HTTP/1.1" 410 584 "http://www.smythieszzz.com/~doug/" "Mozilla/5.0 (Windows NT 6.0; rv:23.0) Gecko/20100101 Firefox/23.0"
37.59.68.212 - - [14/Sep/2013:07:23:11 -0700] "GET /~doug/strange_get.html HTTP/1.0" 410 584 "http://www.smythieszzz.com/" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
37.59.68.212 - - [14/Sep/2013:07:25:08 -0700] "GET /~doug/strange_get.html HTTP/1.0" 410 584 "http://www.smythieszzz.com/" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
The rule appears to be triggering if the referrer contains "http://www.smythieszzz.com" in any larger context, but I want it to trigger only on exactly that context, nothing more. It is unclear to me how to modify the syntax to fix it. The other possibility is that perhaps the conditions rules have an implied "OR", but in my readings I thought one had to specify "OR", so I assumed (perhaps incorrectly) it was an implied "AND".
Part 2:
What I really want to do is substitute the reply with a text file:
Code:
doug@doug-64:~/public_html$ cat forged.txt
Your request HTTP_REFERER is forged. Please go away.
And the rule set I have, which doesn't seem to work at all:
Code:
doug@doug-64:~/public_html$ cat .htaccess.doug2
RewriteEngine on
RewriteCond %{HTTP_REFERER} http://www.smythieszzz.com/
RewriteRule ^/strange_get\.html /~doug/forged.txt [PT]
which gives:
Code:
78.157.211.101 - - [14/Sep/2013:08:05:02 -0700] "GET /~doug/strange_get.html HTTP/1.0" 200 7413 "http://www.smythieszzz.com/" "Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3"
Any help appreciated.
Bookmarks