Results 1 to 10 of 12

Blocking spammers with mod_rewrite

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

20th May 2011, 02:02 PM

#1
OP
NewEraCracker

View Profile

View Forum Posts

Private Message

Visit Homepage
Moderator

Join Date : May 2010

Location : insurance.aes256

Posts : 1,267

Thanks: 0
Thanked 0 Times in 0 Posts

Rep Power : 18

Reputation : (187)
Blocking spammers with mod_rewrite
If you don't have APIs installed in your site that require POST method you can add this to .htaccess

Code:

# Mitigate the spammers <IfModule rewrite_module> RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{HTTP:Accept-Language} ^$ RewriteCond %{REQUEST_METHOD} ^(POST) RewriteRule .* - [R=406] RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0) RewriteCond %{REQUEST_METHOD} ^(POST) RewriteRule .* - [R=406] </IfModule>

It blocks POST requests from all clients without referer header and without Accept-Language header (automated form submission) and blocks POST requests from any HTTP/1.0 client (bots don't need POST)

-------

If you use nginx as apache reverse proxy. It downgrades requests to HTTP/1.0 and you lose the original HTTP version so just use:

Code:

# Mitigate the spammers <IfModule rewrite_module> RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{HTTP:Accept-Language} ^$ RewriteCond %{REQUEST_METHOD} ^(POST) RewriteRule .* - [R=406] </IfModule>

Regards,
NewEraCracker

NewEraCracker Reviewed by NewEraCracker on 20th May 2011. Blocking spammers with mod_rewrite If you don't have APIs installed in your site that require POST method you can add this to .htaccess # Mitigate the spammers <IfModule rewrite_module> RewriteEngine On RewriteCond %{HTTP_REFERER} ^$ RewriteCond %{HTTP:Accept-Language} ^$ RewriteCond %{REQUEST_METHOD} ^(POST) RewriteRule .* - RewriteCond %{SERVER_PROTOCOL} ^(HTTP/1.0) Rating: 5
Trusted: Dom, l0calh0st, 0ccul7, robert420
Find all threads started by NewEraCracker
Register To Reply Ping