Block proxy servers via htaccess


Postby Nervosa » Mon Apr 06, 2009 4:22 pm

I recently came across this..

http://perishablepress.com/press/2008/0 ... -htaccess/

Code:
RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]


I run a forum and sometimes some users get out of hand and think that it's fun to hide behind a proxy, make new accounts and spam.

Since I implemented this on my site I have had a few users comment on friends that use cell phones getting 403 errors.
I don't know much about how cell phone web works but could this be blocking them, and if so is there a rule I could add?
Nervosa
 
Posts: 14
Joined: Mon Aug 18, 2008 3:04 pm

Postby richardk » Tue Apr 07, 2009 7:05 am

I run a forum and sometimes some users get out of hand and think that it's fun to hide behind a proxy, make new accounts and spam.

This won't block anonymous proxies, though. Is your spam from humans or spambots/botnets?

Since I implemented this on my site I have had a few users comment on friends that use cell phones getting 403 errors.
I don't know much about how cell phone web works but could this be blocking them

It could be. The requests might be going through a proxy server (set up by the provider). Do they get a 403 error for all their requests?

is there a rule I could add?

You could allow some "legitimate" proxies by IP address
Code:
RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$

or the user agent
Code:
RewriteCond %{HTTP_USER_AGENT} !^good_user_agent$ [NC]
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby Nervosa » Tue Apr 07, 2009 1:41 pm

This won't block anonymous proxies, though. Is your spam from humans or spambots/botnets?

People

It could be. The requests might be going through a proxy server (set up by the provider). Do they get a 403 error for all their requests?

One person said they were able to send PMs, that makes me think it's something else. (Only heard of two cases so far)
Nervosa
 
Posts: 14
Joined: Mon Aug 18, 2008 3:04 pm

Postby richardk » Wed Apr 08, 2009 12:57 pm

If the mod_rewrite blocked one request it would almost certainly block all the requests. You could look in your error log for the 403 errors to see if you can get more information.
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am

Postby Nervosa » Wed Apr 08, 2009 3:18 pm

Talked to another person that uses Verizon and got a 403 when using a cell phone.
Would adding something like allow verizon.com help?
Nervosa
 
Posts: 14
Joined: Mon Aug 18, 2008 3:04 pm

Postby richardk » Thu Apr 09, 2009 9:06 am

You would need to find out if there is something unique about their requests. Do they come from the same IP address? Do they have a customised user agent?
richardk
 
Posts: 8800
Joined: Wed Dec 21, 2005 7:50 am
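
An added example, not part of the original thread: one way to answer the questions raised above (are a client's requests always refused, and do the refused clients share an IP range or user agent?) before writing an allow rule. It assumes the access log uses Apache's "combined" LogFormat and IPv4 addresses; the log lines, addresses and user agents are constructed samples.

```python
import re
from collections import Counter

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = """\
198.51.100.7 - - [08/Apr/2009:15:02:11 +0000] "GET /index.php HTTP/1.1" 403 202 "-" "ExamplePhoneBrowser/1.0"
198.51.100.7 - - [08/Apr/2009:15:02:19 +0000] "GET /viewforum.php?f=2 HTTP/1.1" 403 202 "-" "ExamplePhoneBrowser/1.0"
198.51.100.9 - - [08/Apr/2009:15:04:40 +0000] "GET /index.php HTTP/1.1" 403 202 "-" "ExamplePhoneBrowser/1.0"
203.0.113.20 - - [08/Apr/2009:15:05:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U)"
203.0.113.20 - - [08/Apr/2009:15:05:09 +0000] "POST /ucp.php?mode=login HTTP/1.1" 200 812 "-" "Mozilla/5.0 (Windows; U)"
192.0.2.44 - - [08/Apr/2009:15:06:30 +0000] "GET /index.php HTTP/1.1" 403 202 "-" "Mozilla/5.0 (X11; U)"
192.0.2.44 - - [08/Apr/2009:15:07:01 +0000] "GET /memberlist.php HTTP/1.1" 200 4410 "-" "Mozilla/5.0 (X11; U)"
"""

def summarize(log_text):
    """Split clients that received a 403 into always-refused and sometimes-refused."""
    totals, denied = Counter(), Counter()
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        key = (m["ip"], m["agent"])
        totals[key] += 1
        if m["status"] == "403":
            denied[key] += 1
    # A header-based rewrite rule refuses every request from a client,
    # so "always" clients fit that rule and "mixed" clients point elsewhere.
    always = sorted(k for k in denied if denied[k] == totals[k])
    mixed = sorted(k for k in denied if denied[k] < totals[k])
    return always, mixed

def common_traits(clients):
    """Count clients per /24 prefix and per user agent (IPv4 only)."""
    prefixes = Counter(ip.rsplit(".", 1)[0] + ".0/24" for ip, _ in clients)
    agents = Counter(agent for _, agent in clients)
    return prefixes, agents

if __name__ == "__main__":
    always, mixed = summarize(SAMPLE_LOG)
    prefixes, agents = common_traits(always)
    print("always refused:", always)
    print("sometimes refused:", mixed)
    print("shared prefixes:", prefixes.most_common())
    print("shared agents:", agents.most_common())
```

A prefix or user agent shared by the always-refused clients is the value that would go into a `REMOTE_ADDR` or `HTTP_USER_AGENT` exception like the ones shown earlier in the thread.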

