Apache environment variables - logical AND
Jeremy Chadwick
koitsu at FreeBSD.org
Tue Nov 4 23:27:55 PST 2008
On Wed, Nov 05, 2008 at 05:33:45PM +1100, Ian Smith wrote:
> I know this isn't FreeBSD specific - but I am, so crave your indulgence.
>
> Running Apache 1.3.27, using a fairly extensive access.conf to beat off
> the most rapacious robots and such, using mostly BrowserMatch[NoCase]
> and SetEnvIf to moderate access to several virtual hosts. No problem.
>
> OR conditions are of course straighforward:
>
> SetEnvIf <condition1> somevar
> SetEnvIf <condition2> somevar
> SetEnvIf <exception1> !somevar
>
> What I can't figure out is how to set a variable3 if and only if both
> variable1 AND variable2 are set. Eg:
>
> SetEnvIf Referer "^$" no_referer
> SetEnvIf User-Agent "^$" no_browser
>
> I want the equivalent for this (invalid and totally fanciful) match:
>
> SetEnvIf (no_browser AND no_referer) go_away
Sounds like a job for mod_rewrite. The SetEnvIf stuff is such a hack.
This is what we use on our production servers (snipped to keep it
short):
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^XXXX: [OR]
RewriteCond %{HTTP_REFERER} ^http://forums.somethingawful.com/ [OR]
RewriteCond %{HTTP_REFERER} ^http://forums.fark.com/ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Alexibot [OR]
RewriteCond %{HTTP_USER_AGENT} ^asterias [OR]
RewriteCond %{HTTP_USER_AGENT} ^BackDoorBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^Black.Hole [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon.WebSpider
RewriteRule ^.* - [F,L]
You need to keep something in mind however: blocking by user agent is
basically worthless these days. Most "leeching" tools now let you
spoof the user agent to show up as Internet Explorer, essentially
defeating the checks.
If you're that concerned about bandwidth (which is why a lot of people
do the above), consider rate-limiting. It's really, quite honestly, the
only method that is fail-safe.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, USA |
| Making life hard for others since 1977. PGP: 4BD6C0CB |
More information about the freebsd-questions
mailing list