Geek Answers Handbook

Htaccess - Deny requests from unauthorized domains

I have a website "www.mysite.com" and it has its own ip. Now, starting from a few months, I see several domains pointing to my ip server (this is not a shared ip). I can navigate the entire website with these unauthorized domains, they are indexed in google with my content and all.

How can I configure htaccess to allow requests only for "www.mysite.com"?

UPDATE

this is the .htaccess that I have written so far with suggestions, but for some reason the first page is still served, without tho images

.htaccess

SetEnvIfNoCase Referer "^http://(www.)?thiefdomain.com" spam_ref SetEnvIfNoCase Referer "^http://(www.)?thiefdomain2.com" spam_ref2 <FilesMatch "(.*)"> Order Allow,Deny Allow from all Deny from env=spam_ref Deny from env=spam_ref2 </FilesMatch> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L]

How can I avoid displaying the first page?

+7
source share
3 answers

If you want to do mod_rewrite, you can check SERVER_NAME to block unauthorized domains:

 RewriteEngine on RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain1\.example$ [OR] RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain2\.example$ [OR] RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain3\.example$ RewriteRule ^ - [F]

or

 RewriteEngine on RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain\.example$ RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain-alias\.example$ RewriteRule ^ - [F]

If you have root privileges, you can also solve the problem with name-based virtual hosting as follows:

 NameVirtualHost *:80 <VirtualHost 192.0.2.100:80> ServerName dummy <Location /> Order deny,allow Deny from all </Location> ... </VirtualHost> <VirtualHost 192.0.2.100:80> ServerName www.yourdomain.example ServerAlias yourdomain.example ... </VirtualHost>

The first definition of VirtualHost considered the default virtual host. If 192.0.2.100 is available as the thiefdomain1.example file, the thiefdomain2.example file, thiefdomain3.example file, or any other hostnames other than www.yourdomain.example or yourdomain.example (defined in the second VirtualHost ), Apache refers to the first VirtualHost and returns 403 Prohibited status.

+10
source

1) What IP addresses are your thieves? Can you block these IP addresses?

2) Have you reported them to Google to steal content (if you can prove that you are the owner)?

3) Do you report this to the domain host? (e.g. GoDaddy)

4) You can also rewrite your HTML so that they are absolute paths instead of relative:

For example, the relative path would look like this:

 < a href="/page/2.html">page 2</a>

the absolute path will include the address of your website:

 <a href="http://www.site.com/page/2.html">page 2</a>
0
source

I can not say much about htaccess. but through programming you can achieve this. let's say your domain is www.mydomain.com. Suppose a browser requests a portion of your website. You can do the following. I am showing for PHP (since I am little educated with php).

 <?php if($_SERVER['HTTP_HOST'] == "your domain") { //show content } else { echo "your are not authorized to view contents from here."; }

if you prefer other languages, they may have access to the host name.

-4
source

More articles:


All Articles