I’m sure every administrator of a web server has some experience with unwanted visitors. In the real world, you could simply send your Rottweiler after them and scare them off your property. Sadly, this does not work on the internet.
In this article, I want to write about how to block IP addresses, hosts and referrals from accessing your site or portions of your site.
.htaccess File
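The .htaccess file inside the document root is one of the most precise tools you have if you want to keep something out of a specific directory. The .htaccess file is a per-directory extension of the regular Apache config for your web server.
Block IP Addresses

    # Apache 2.2 syntax (provided by mod_access_compat on Apache 2.4)
    # Allow everyone, then deny the listed address; a matching deny wins
    order allow,deny
    deny from 192.168.44.201
    allow from all

To block an IP range, just leave off the trailing octet(s):

    # Everything in 192.168.44.x
    deny from 192.168.44.
    # Everything in 192.168.x.x
    deny from 192.168.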
Block Referrals
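You don’t want anyone coming from Facebook, Twitter or LinkedIn? No problem, just block them by their referrer.

    RewriteEngine on
    # Match both http and https referrers
    RewriteCond %{HTTP_REFERER} ^https?://.*facebook\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://.*twitter\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} ^https?://.*linkedin\.com [NC]
    # Answer matching requests with 403 Forbidden
    RewriteRule .* - [F]

Note the OR flag at the end of the first two conditions. Without it, the conditions would be combined with AND, and a request would have to match all three to be blocked.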
Block Bots
The Rewrite Engine of the Apache web server is a really powerful tool; it even allows you to block bots based on the user agent.

    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} ^BadBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EvilScraper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FakeUser
    # Redirect matching requests to another site
    RewriteRule ^(.*)$ http://go.away/
You can also send the bot to another web site, or let him look at a lovely picture of a wall, if the user agent starts with BadBot, EvilScraper or FakeUser.
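
A dry run of the three rule types above against access-log lines, to see what each would reject before the rules go live. This is an added example, not code from the original article: the Python model of the rules, the function names and the sample log lines are constructed for illustration, and the referrer pattern accepts both http and https.

```python
import ipaddress
import re

# Constructed model of the .htaccess rules above; not Apache itself.
DENY_FROM = ["192.168.44.201", "192.168.44."]
REFERER_RE = re.compile(r"^https?://.*(facebook|twitter|linkedin)\.com", re.I)
AGENT_RE = re.compile(r"^(BadBot|EvilScraper|FakeUser)")
# Combined log format; captures client address, referrer and user agent.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"$')

def partial_to_network(spec):
    """Map an Apache partial address such as '192.168.44.' to a CIDR network."""
    octets = spec.rstrip(".").split(".")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(padded) + f"/{8 * len(octets)}")

DENY_NETS = [partial_to_network(s) for s in DENY_FROM]

def verdict(line):
    """Return which rule, if any, would reject the request in this log line."""
    m = LOG_RE.match(line)
    if not m:
        return "unparsed"
    ip, referer, agent = m.groups()
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparsed"  # e.g. a hostname when HostnameLookups is on
    if any(addr in net for net in DENY_NETS):
        return "deny-ip"
    if REFERER_RE.search(referer):
        return "deny-referer"
    if AGENT_RE.search(agent):
        return "deny-agent"
    return "allow"

TS = "[10/Oct/2023:13:55:36 +0000]"
# Constructed sample lines; addresses are private or documentation ranges.
SAMPLE_LOG = [
    f'192.168.44.17 - - {TS} "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'192.168.45.7 - - {TS} "GET / HTTP/1.1" 200 512 "https://www.facebook.com/" "Mozilla/5.0"',
    f'203.0.113.9 - - {TS} "GET /a HTTP/1.1" 200 512 "-" "BadBot/1.0"',
    f'203.0.113.9 - - {TS} "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; BadBot/1.0)"',
    f'198.51.100.4 - - {TS} "GET /a HTTP/1.1" 200 512 "https://example.org/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(f"{verdict(line):13}{line}")
```

The fourth sample line is allowed because the user-agent patterns are anchored with `^` and only match when the string starts with the bot name. Referer and User-Agent are supplied by the client, so the IP rule is the only one of the three that does not depend on what the request says about itself.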