Use .htaccess to block malicious IP attacks on a website, deny specified domain names, ban crawlers, and prevent hotlinking

  • 2020-12-26 06:01:09
  • OfStack

A few days ago, I found that my website was being scanned heavily by certain IPs in a malicious and targeted way, in an attempt to obtain internal configuration files and information on the site by brute-force probing. I used .htaccess to defuse the attack by adding the following configuration to the .htaccess file:


 order allow,deny
 deny from 180.97.106.
 allow from all

.htaccess is a very powerful configuration file that applies to a single website. The more you know about what it can do, the easier it is to control your site's configuration. Blocking an IP's access to a website is one of its basic functions. The configuration above is just one use; below I summarize more uses on this topic.

Block access from specified IPs


 order allow,deny
 deny from 192.168.44.201
 deny from 224.39.163.12
 deny from 172.16.7.92
 allow from all

The above code shows how to block three different IPs from accessing the site.

Block access from an IP range

If you have a lot of IPs to ban and find it troublesome to specify them one at a time, here is how to ban a whole IP range at once:


 order allow,deny
 deny from 192.168.
 deny from 10.0.0.
 allow from all

Block access from specified domain names


 order allow,deny
 deny from some-evil-isp.com
 deny from subdomain.another-evil-isp.com
 allow from all

The code above prevents certain ISPs from accessing the site.

Ban crawlers (bots, spiders) with .htaccess

In China, I think the only search engines you need are Google and Baidu; other small search engines, such as Sogou and 360, can be ignored. Otherwise, the crawlers of these unimportant search engines will not only bring you no benefit, they will also crawl your website. Here's how to ban them:


 #get rid of the bad bot
 RewriteEngine on
 RewriteCond %{HTTP_USER_AGENT} ^BadBot
 RewriteRule ^(.*)$ http://go.away/

The code above bans one crawler. If you want to ban more than one crawler, you can do this in .htaccess:


 #get rid of bad bots
 RewriteEngine on
 RewriteCond %{HTTP_USER_AGENT} ^BadBot [OR]
 RewriteCond %{HTTP_USER_AGENT} ^EvilScraper [OR]
 RewriteCond %{HTTP_USER_AGENT} ^FakeUser
 RewriteRule ^(.*)$ http://go.away/

This code blocks three different crawlers at the same time. Note the "[OR]" flag: without it the conditions are combined with AND, so the rule would only fire if a single User-Agent matched all three patterns.

Block hotlinking with .htaccess

If your website is popular and hosts resources such as pictures or videos, some people will embed them directly into their own pages, occupying or wasting your bandwidth and affecting the stability of your server. Hotlinking like this is easy to block with .htaccess, as follows:
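
The IP, range, domain and crawler blocks above, rewritten in Apache 2.4's `Require` syntax (an added example, not part of the original article): `Order`/`Deny`/`Allow` are deprecated in 2.4 and only work there through mod_access_compat. The `bad_bot` variable name is an assumption; the addresses, host names and User-Agent strings are the article's own samples.

```apache
# Apache 2.4 form (mod_authz_core, mod_authz_host, mod_setenvif).
# In .htaccess this needs AllowOverride AuthConfig, plus FileInfo for SetEnvIf.

# Tag unwanted crawlers by User-Agent. "bad_bot" is a name chosen for this
# example. The match is case-sensitive, like the RewriteCond lines above.
SetEnvIf User-Agent "^BadBot"      bad_bot
SetEnvIf User-Agent "^EvilScraper" bad_bot
SetEnvIf User-Agent "^FakeUser"    bad_bot

<RequireAll>
    # Every directive in this block must pass, so begin by allowing everyone
    # and then list the exceptions with "Require not".
    Require all granted

    # Single addresses
    Require not ip 192.168.44.201
    Require not ip 224.39.163.12
    Require not ip 172.16.7.92

    # Ranges: a partial address or CIDR notation
    Require not ip 180.97.106
    Require not ip 192.168
    Require not ip 10.0.0.0/24

    # Host names: each request costs a double reverse DNS lookup
    Require not host some-evil-isp.com
    Require not host subdomain.another-evil-isp.com

    # Tagged crawlers get 403 Forbidden here instead of the redirect
    # used by the RewriteRule version
    Require not env bad_bot
</RequireAll>
```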


 RewriteEngine on
 # https? matches referers sent over both http and https
 RewriteCond %{HTTP_REFERER} ^https?://.*somebadforum\.com [NC]
 RewriteRule .* - [F]

After adding the above code to .htaccess, the server returns a 403 Forbidden error when somebadforum.com hotlinks your website's resources, and your bandwidth is no longer wasted.

Here's how to block multiple sites:


 RewriteEngine on
 # https? matches referers sent over both http and https
 RewriteCond %{HTTP_REFERER} ^https?://.*somebadforum\.com [NC,OR]
 RewriteCond %{HTTP_REFERER} ^https?://.*example\.com [NC,OR]
 RewriteCond %{HTTP_REFERER} ^https?://.*lastexample\.com [NC]
 RewriteRule .* - [F]

As you can see, .htaccess is a very powerful web server configuration tool that gives you a lot of freedom over your web server. The solutions are usually simple and elegant, and they rarely require a server restart, i.e., they take effect immediately.

If you don't already have this configuration file on your server, create one.
