access.html.en revision 623c623a55d08be1d0e5295f5896aa391904b39b
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>Using mod_rewrite to control access - Apache HTTP Server</title>
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" />
<link href="/images/favicon.ico" rel="shortcut icon" /></head>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/directives.html">Directives</a> | <a href="/faq/">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.3</p>
<img alt="" src="/images/feather.gif" /></div>
<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.3</a> &gt; <a href="./">Rewrite</a></div><div id="page-content"><div id="preamble"><h1>Using mod_rewrite to control access</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="/en/rewrite/access.html" title="English">&nbsp;en&nbsp;</a></p>
</div>
<p>This document supplements the <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code>
<a href="/mod_rewrite.html">reference documentation</a>. It describes
how you can use <code class="module"><a href="/mod/mod_rewrite.html">mod_rewrite</a></code> to control access to
various resources, and other related techniques.
This includes many examples of common uses of mod_rewrite,
including detailed descriptions of how each works.</p>
<p>Note that many of these examples won't work unchanged in your
particular server configuration, so it's important that you understand
them, rather than merely cutting and pasting the examples into your
configuration.</p>
</div>
<div id="quickview"><h3>See also</h3><ul class="seealso"><li><a href="/mod/mod_rewrite.html">Module documentation</a></li><li><a href="intro.html">mod_rewrite introduction</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="section">
<h2><a name="blocking-of-robots" id="blocking-of-robots">Blocking of Robots</a></h2>
<dl>
<dt>Description:</dt>
<dd>
<p>
In this recipe, we discuss how to block persistent requests from
a particular robot, or user agent.</p>
<p>The standard for robot exclusion defines a file,
<code>/robots.txt</code>, that specifies those portions of your
website from which you wish to exclude robots. However, some robots
do not honor these files.
</p>
<p>Note that there are methods of accomplishing this which do
not use mod_rewrite. Note also that any technique that relies on
the client's <code>USER_AGENT</code> string can be circumvented
very easily, since that string can be changed.</p>
</dd>
<dt>Solution:</dt>
<dd>
<p>We use a ruleset that specifies the directory to be
protected, and the client <code>USER_AGENT</code> that
identifies the malicious or persistent robot.</p>
<p>In this example, we are blocking a robot called
<code>NameOfBadRobot</code> from a location
<code>/secret/files</code>. You may also specify an IP address
range, if you are trying to block that user agent only from a
particular source.</p>
<div class="example"><pre>
RewriteCond %{HTTP_USER_AGENT} ^<strong>NameOfBadRobot</strong>
RewriteCond %{REMOTE_ADDR} ^<strong>123\.45\.67\.[8-9]</strong>$
RewriteRule ^<strong>/secret/files/</strong> - [<strong>F</strong>]
</pre></div>
</dd>
<dt>Discussion:</dt>
<dd>
<p>
Rather than using mod_rewrite for this, you can accomplish the
same end using alternate means, as illustrated here:
</p>
<div class="example"><p><code>
SetEnvIfNoCase User-Agent ^NameOfBadRobot goaway<br />
&lt;Location /secret/files&gt;<br />
Order allow,deny<br />
Allow from all<br />
Deny from env=goaway<br />
&lt;/Location&gt;
</code></p></div>
<p>
As noted above, this technique is trivial to circumvent, by simply
modifying the <code>USER_AGENT</code> request header. If you
are experiencing a sustained attack, you should consider blocking
it at a higher level, such as at your firewall.
</p>
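<p>To decide which <code>USER_AGENT</code> and address range belong in the
ruleset, and to confirm afterwards that those requests are being refused,
you can compare the access log against <code>/robots.txt</code>. The
following Python script is an added example, not part of the Apache
documentation; the log lines, the robots.txt content and the name
<code>robots_violations</code> are constructed for illustration, and the
log is assumed to be in the combined format.</p>

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for the site in this recipe.
ROBOTS_TXT = """\
User-agent: *
Disallow: /secret/files/
"""

# Constructed access-log lines in Apache "combined" format.
SAMPLE_LOG = """\
123.45.67.8 - - [10/Oct/2009:13:55:36 +0000] "GET /secret/files/a.pdf HTTP/1.1" 200 2326 "-" "NameOfBadRobot/1.0"
123.45.67.9 - - [10/Oct/2009:13:55:37 +0000] "GET /secret/files/b.pdf HTTP/1.1" 200 1200 "-" "NameOfBadRobot/1.0"
123.45.67.8 - - [10/Oct/2009:13:55:38 +0000] "GET /secret/files/c.pdf HTTP/1.1" 403 199 "-" "NameOfBadRobot/1.0"
198.51.100.7 - - [10/Oct/2009:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "PoliteBot/2.1"
198.51.100.7 - - [10/Oct/2009:13:56:02 +0000] "GET /robots.txt HTTP/1.1" 200 48 "-" "PoliteBot/2.1"
this line is malformed and must be skipped
"""

# Groups: client IP, request path, status code, User-Agent header.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)

def robots_violations(log_text, robots_txt):
    """Per User-Agent: hits on disallowed paths, how many were served, source IPs."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    report = defaultdict(lambda: {"hits": 0, "served": 0, "ips": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        ip, path, status, agent = m.groups()
        if rules.can_fetch(agent, path):
            continue  # path is permitted for this agent
        entry = report[agent]
        entry["hits"] += 1
        entry["ips"].add(ip)
        if status != "403":
            entry["served"] += 1  # request was not refused by the server
    return dict(report)

if __name__ == "__main__":
    for agent, e in robots_violations(SAMPLE_LOG, ROBOTS_TXT).items():
        print(agent, e["hits"], e["served"], sorted(e["ips"]))
```

<p>A non-zero <code>served</code> count for an agent after the ruleset is
deployed means some of its requests did not match the conditions, for
example because they came from outside the listed address range.</p>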
</dd>
</dl>
</div></div>
<div id="footer">
<p class="apache">Copyright 2009 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
</div>
</body></html>