htaccess block domains not working

Discussion in 'General Discussion' started by Zion Ahead, Mar 27, 2007.

  1. Zion Ahead

    Zion Ahead Well-Known Member

    I placed this in my htaccess file main root folder and it is not blocking hidemyass.com

    deny from 10.1.3.0/24
    deny from .*hidemyass\.com.*
    deny from .*proxy\.com.*
    deny from .*anonymouse\.com.*
    deny from .*proxify\.com.*

    I see this in the link when I attempt to go to my site via hidemyass.com

    http://w1.hidemyass.com/index.php?q=http://www.mysite.com&hl=3e5
     
  2. bmcpanel

    bmcpanel Well-Known Member

  3. Zion Ahead

    Zion Ahead Well-Known Member

    Unfortunately I'm not comprehending the instructions/examples

    RewriteCond %{HTTP_REFERER} hidemyass\.com [NC,OR]
    RewriteCond %{HTTP_REFERER} proxify\.com
    RewriteRule .* - [F]

    That did not work.
     
  4. Spiral

    Spiral BANNED

    For starters, using .HTACCESS like that to block proxy servers is just plain stupid!

    This is because you will need an enormous control list to cover all the proxies
    out there and even then you probably would not have all of them covered.

    Secondly, you are relying on the proxy server's DNS providing correct reverse
    DNS resolution back to a hostname that uses the same domain as the
    name of the proxy service --- not guaranteed.

    I would implement proxy detection technology into all the programs that
    you run on your web site as your first line layer. These modifications
    generally work by attempting to make proxy connections through the
    user's IP address at various common proxy ports and block the
    connection if a proxy connection is established.

    The majority of the proxies out there will also create an "X-Forwarded-For" header
    variable in Apache when connecting containing the user's real IP address when
    connecting to your server. One very easy thing to do is just simply drop all
    connections that have an "X-Forwarded-For" variable set and this kind of
    block can be set up easily in .HTACCESS.

    Now regarding your use of .HTACCESS, your main problem looks like you are
    using regex matching when regex has not been designated so you won't
    actually match to anything:

    Code:
    deny from 10.1.3.0/24
    deny from .*hidemyass\.com.*
    deny from .*proxy\.com.*
    deny from .*anonymouse\.com.*
    deny from .*proxify\.com.*
    
    This would be better written as:
    Code:
    <Files *>
    Order Allow,Deny
    Allow from all
    Deny from 10.1.3.0/24
    Deny from hidemyass.com
    Deny from proxy.com
    Deny from anonymouse.com
    Deny from proxify.com
    </Files>
    
    (Note the ".*" regex wildcard designations have been removed)

    Now with that said though, I would not use the domain name for the proxy servers
    just because doing so will automatically force your web server into hostname lookups
    for all connections and your entire apache log file which will slow performance.

    If you are going to block specific proxies, then it would be better to do so by IP or CIDR
    instead of using generic hostname domain matching as given above.

    For example: hidemyass.com

    Code:
    # dig hidemyass.com
    
    ; <<>> DiG 9.3.1 <<>> hidemyass.com
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52985
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;hidemyass.com.                 IN      A
    
    ;; ANSWER SECTION:
    hidemyass.com.          12973   IN      A       209.67.216.210
    
    ;; AUTHORITY SECTION:
    hidemyass.com.          84973   IN      NS      ns1.zymic.com.
    hidemyass.com.          84973   IN      NS      ns2.zymic.com.
    
    # host ns1.zymic.com
    ns1.zymic.com has address 209.67.216.210
    
    # host ns2.zymic.com 
    Host ns2.zymic.com not found: 3(NXDOMAIN)
    
    # 
    
    From the dig query, you can see that hidemyass.com uses IP address 209.67.216.210
    and their primary DNS server also resolves to the same IP address so they are
    using a standard dedicated server and 209.67.216.210 is their IP for everything.

    Code:
    Deny from 209.67.216.210
    
    Now if you want to get more effective, you can block the broad CIDR range which
    will block all servers on the net from reaching your web server:

    Code:
    # whois -h whois.arin.net 209.67.216.210 
    
    [Querying whois.arin.net]
    [whois.arin.net]
    Savvis SAVVIS (NET-209-67-0-0-1) 
                                      209.67.0.0 - 209.67.255.255
    Layered Technologies, Inc. CW-209-67-208 (NET-209-67-208-0-1) 
                                      209.67.208.0 - 209.67.223.255
    
    The IP for hidemyass.com is primarily allocated to Savvis as the main upstream
    which is sub-allocated to Layered Technologies who is their dedicated server provider.

    Most everything on Savvis is going to be dedicated servers and not live people
    so blocking that entire range from web access would have little impact on visitor
    traffic aside from those using servers as proxy relays.

    Code:
    Deny from 209.67.0.0/16
    
    This could also be done from your iptables firewall to block web access as well
    and would actually be faster and more effective than a .HTACCESS command:

    Code:
    iptables -A INPUT -s 209.67.0.0/16 -p tcp --dport 80 -j REJECT
    
     
  5. Zion Ahead

    Zion Ahead Well-Known Member

    I added this to my .htaccess and re-uploaded / overwriting old

    deny from 207.44.150.146

    That is for anonymization.net

    Somehow, I was still able to access my site, even on hard refresh. Worse, I added the IP to csf -d 207.44.150.146 and still, able to access my site.
     
  6. Spiral

    Spiral BANNED

    Some of the proxy sites utilize caching so if they are blocked, they could
    still appear to be connecting for a while from their cache files.

    On the other hand other proxy servers make use of multiple servers
    and thus multiple IP addresses you would need to block when using
    IP blacklist methods.

    To be sure, clear your own web cache and then go and access your site
    from any proxy server and then review the logs for your web site that
    are located in /etc/httpd/domlogs to find out the IP address that was
    used to connect to your server.

    (A trick to make things easier for the above is to attempt to connect
    to an invalid page at your site such as "pizza.html" through the
    proxy server which will make finding the IP entry to block from your
    web server log files that much easier)
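
The log check described in the last two posts, as an added example that is not part of the original thread: it pulls the client IPs that requested the marker page out of an access log and prints a Deny line for each one that no existing rule covers. It assumes Apache combined log format; the log lines, the 198.51.100.23 address and all function names are constructed for illustration.

```shell
# Added example: list client IPs that requested a marker page and are not
# covered by the current Deny rules. Log lines and rule list are constructed.

ip_to_int() (
  IFS=.
  set -- $1                      # split the dotted quad into $1..$4
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_cidr IP RULE -> exit 0 if IP falls inside RULE (bare IP or a.b.c.d/len)
in_cidr() (
  case $2 in */*) net=${2%/*}; len=${2#*/} ;; *) net=$2; len=32 ;; esac
  mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
)

# marker_ips LOGFILE PATH -> unique client IPs whose request path equals PATH
marker_ips() {
  awk -v p="$2" '$7 == p { print $1 }' "$1" | sort -u
}

# uncovered_ips LOGFILE PATH RULE... -> Deny lines for IPs matched by no RULE
uncovered_ips() (
  log=$1; path=$2; shift 2
  for ip in $(marker_ips "$log" "$path"); do
    hit=0
    for rule in "$@"; do
      if in_cidr "$ip" "$rule"; then hit=1; break; fi
    done
    [ "$hit" -eq 1 ] || echo "Deny from $ip"
  done
)

# Constructed log: the proxy fetched /pizza.html from two different addresses
sample_log() {
  cat <<'EOF'
209.67.216.210 - - [27/Mar/2007:10:01:02 -0500] "GET /pizza.html HTTP/1.1" 404 208 "-" "Mozilla/4.0"
198.51.100.23 - - [27/Mar/2007:10:01:09 -0500] "GET /pizza.html HTTP/1.1" 404 208 "-" "Mozilla/4.0"
203.0.113.5 - - [27/Mar/2007:10:02:00 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

demo() {
  tmp=$(mktemp) && sample_log > "$tmp"
  uncovered_ips "$tmp" /pizza.html 209.67.0.0/16 207.44.150.146
  rm -f "$tmp"
}
demo
```

Against a real site, point uncovered_ips at the site's log under /etc/httpd/domlogs and pass the addresses and ranges already listed in .htaccess.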
     