Is there a way to block people from accessing my site if they came from a certin url?
Is there a way to block people from accessing my site if they came from a certin url?
Example: site-xyz.com has a link to my site and I want apache to not display the site if that is the referring URL. Is there anyway to do that? |
You can edit your httpd.cond and inside the <Directory...> section that defines your DocumentRoot change the allow/deny directives to read:
Code:
<Directory /some/path/to DocumentRoot> |
I think that will deny all users who connect from a computer on the site-xyz.com domain. The original poster was asking about referalls. I'd probably use a simple PHP script to check the HTTP referrer variable and forward the user to an access deny page if they came from site-xyz.com. However, this is fairly easily circumvented, since browsers can be configured not to send referrer data. You can of course check for a valid referer, but this will probably block some amount of legitimate traffic.
|
You could also use mod_rewrite and base your decisions on the HTTP_REFFERER variable
There's an exact tutorial for doing this, under "Blocked Inline-Images". |
Is there a way to do it with SNORT?
|
Do you already have it running as SNORT-inline or just as a sensor? Trying to use SNORT would be messy, you'd need to pull the referrer from the http header and then come up with a regex to match.
Apache already has mod_rewrite installed and all you need to do is turn the ReWriteEngine on and use the [F] Forbid target to block any requests where the refferer isn't you (except for index.html). |
All times are GMT -5. The time now is 05:23 PM. |