Linux-Noob Forums
Securing Sites with mod_rewrite - Printable Version

+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: LAMP (https://www.linux-noob.com/forums/forum-83.html)
+--- Thread: Securing Sites with mod_rewrite (/thread-1914.html)

Securing Sites with mod_rewrite - znx - 2006-07-06


Stop Hotlinking

 

Nothing really suprising in this one, common trick used by lots of sites. The main aim isn't to stop the theft of images but the theft of bandwidth!

 



Code:
# Stop hotlinking
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www.myfriendsite.com [NC]
RewriteCond %{HTTP_REFERER} !^http://www.othersites.com [NC]
# forbidden
RewriteRule .*\.(gif|jpg|png|swf)$ - [NC,F]
# forward elsewhere
# RewriteRule \.(gif|jpg|png|swf)$ http://www.hotlinkinghurtsmybandwidth.com/THIEF.png [R,L]




 

 

IP Banning

 

Found this trick elsewhere which I liked a lot, cause apache to read a separate file and instantly rebuild its deny!

 



Code:
# block ips
RewriteMap    hosts-deny  txt:/path/to/my/hosts-deny.map.txt
RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule   ^/.*  -  [F]




 

The hosts-deny.map.txt looks like this:



Code:
127.0.0.1 -
localhost -




 

Deny those nasty localhost users!!! ;)

 

Bouncing Referrers

 

Using the same technique as above, it is possible to bounce users from one place to another:

 



Code:
# bounce/redirect users
RewriteMap  bounce txt:/path/to/my/bounce.map.txt
RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${bounce:%{HTTP_REFERER}} ^-$
RewriteRule ^.* %{HTTP_REFERER} [R,L]
RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${bounce:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^.* ${bounce:%{HTTP_REFERER}} [R,L]




 

Begone nasty referers! Now anyone coming from a list of referers can be redirected elsewhere. The bounce.map.txt file looks like:

 



Code:
http://www.badsite.com/    -
http://www.goodsite.com/baddirectory/index2.html   http://somewhereelse.com/




 

 

Many thanks to the meta wiki and various other mediawiki sources for these tips (I wish I'd taken note of the sites :().

 

[img]<___base_url___>/uploads/emoticons/default_ph34r.png[/img] the apache power!