Forbid URL : Prevent Fraud. Reject domain list

Paris, October 24 2007,

Dear Madams and Sirs,

Ever had the chance to forbid a website to download HTTP files from
your Website ?

Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
(Fedora).

As an example : they insert in their web-pages : <iframe src="our-
website.com/file.php"> OR <img src="our-website.com/file.gif"

These websites are 100% undesired.

We searched out and asked questions BUT
.. if we found out how to forbid ONE USER to download a content
.. if we found out how to forbid USERS to access a file or a
directory.

We could not AT ALL find out how to forbid one website (eg :
click-as-a-monkey.com) to display our content.

> We found out 3 solutions that do not work :



1) Embeed the httpd.conf file inserting Directives and Rules
http://httpd.apache.org/docs/1.3/misc/rewriteguide.html
http://httpd.apache.org/docs/2.2/mis...de.html#access
http://www.doonet.info/apache_rewriting.php

Point is, we cannot change the httpd.conf file.



2) Change the PHP.INI
We did not find any operational solution to insert a list of anti-
leech and to monitor the referers.



3) Change the .htaccess of our website.
This solution seemed to be very soft and smart, but implementation
does not work.

3.A. Two Websites

/home/virtual/site5/fst/var/www/html/
/home/virtual/site1/fst/var/www/html/

3.B. We implemented on site5 the following script :

vi .htaccess

<Limit GET POST>
order allow,deny
allow from all
deny from ad........com
</Limit>
<Limit PUT DELETE>
order deny,allow
allow from all
deny from all
</Limit>
AuthName "No"
AuthType Basic
Require valid-user
AuthUserFile /home/virtual/site2/fst/var/www/html/.htpasswd

3.C. Objective is to fordid the user connected from site1 to DW any
content from site5

3.D. After several trials : That does not work AT ALL

http://tinyurl.com/2kaqym



We please thank you for any operational solution from your knowledge
and experiences,



My Regards

Bob

On Wed, 24 Oct 2007 02:25:07 -0700, 2401 members, members can post
rearranged some electrons to say:

> Paris, October 24 2007,
>
> Dear Madams and Sirs,
>
> Ever had the chance to forbid a website to download HTTP files from your
> Website ?

As someone already told you, "websites" don't download files from your
server. Your files are accessed when the end user's web browser reads
the HTML files on the web server in question. The end user's web browser
then reads your files.

The easiest way is to quietly rename whatever files you believe are being
referenced by the other website. Then the user will get a "404 - not
found" error when they load the other website's HTML and their browser
tries to load your files.

If all of the users that are reading the "other" web site are in a
particular domain, or a block of IP addresses, you can block them using
the methods already given to you. However, if you don't know what domain
the users of the "other" web site are, you won't have any way of knowing
what domain they are in.

On Wed, 24 Oct 2007 09:44:47 +0000, david rearranged some electrons to
say:

> On Wed, 24 Oct 2007 02:25:07 -0700, 2401 members, members can post
> rearranged some electrons to say:
>
>> Paris, October 24 2007,
>>
>> Dear Madams and Sirs,
>>
>> Ever had the chance to forbid a website to download HTTP files from
>> your Website ?
>
> As someone already told you, "websites" don't download files from your
> server. Your files are accessed when the end user's web browser reads
> the HTML files on the web server in question. The end user's web
> browser then reads your files.
>
> The easiest way is to quietly rename whatever files you believe are
> being referenced by the other website. Then the user will get a "404 -
> not found" error when they load the other website's HTML and their
> browser tries to load your files.
>
> If all of the users that are reading the "other" web site are in a
> particular domain, or a block of IP addresses, you can block them using
> the methods already given to you. However, if you don't know what
> domain the users of the "other" web site are, you won't have any way of
> knowing what domain they are in.

As someone else already told you, try filtering on the "Referrer" field.

The Referrer Field Solution to
Forbid URL : Prevent Fraud. Reject domain list


1) We know that domain name of the websites that we want to forbid to
DW our files.

example : http://www.dmain.com

2) The files downloaded are numerous :
a.php
a.gif
b.png
.....

3) We implemented in PHP
$http_ref= $HTTP_REFERER;
$exclude1 = "clic-gagnant.net/";
$exclude2 = "http://www.aqua-surfeur.com";
if (strncmp($http_ref, $exclude1, strlen($exclude1)) == 0 ||
strncmp($http_ref, $exclude2, strlen($exclude2)) == 0 ||
{ echo '<sc'.'ript>self.location.replace("http://");</sc'.'ript>';
exit(); }

But this is not what we want because this is only working for script-
readen files but not for GIF.


The 3B) solution seemed to be better BUT does not work :

..htaccess
<Limit GET POST>
order allow,deny
allow from all
deny from ad........com
</Limit>

Might you have a better solution, we would strongly appreciate :
sending you all our thanks.

Bob

The Referrer Field Solution to
Forbid URL : Prevent Fraud. Reject domain list


1) We know that domain name of the websites that we want to forbid to
DW our files.

example : http://www.dmain.com

2) The files downloaded are numerous :
a.php
a.gif
b.png
.....

3) We implemented in PHP
$http_ref= $HTTP_REFERER;
$exclude1 = "clic-gagnant.net/";
$exclude2 = "http://www.aqua-surfeur.com";
if (strncmp($http_ref, $exclude1, strlen($exclude1)) == 0 ||
strncmp($http_ref, $exclude2, strlen($exclude2)) == 0 ||
{ echo '<sc'.'ript>self.location.replace("http://");</sc'.'ript>';
exit(); }

But this is not what we want because this is only working for script-
readen files but not for GIF.


The 3B) solution seemed to be better BUT does not work :

..htaccess
<Limit GET POST>
order allow,deny
allow from all
deny from ad........com
</Limit>

Might you have a better solution, we would strongly appreciate :
sending you all our thanks.

Bob

The Referrer Field Solution to
Forbid URL : Prevent Fraud. Reject domain list


1) We know that domain name of the websites that we want to forbid to
DW our files.

example : http://www.dmain.com

2) The files downloaded are numerous :
a.php
a.gif
b.png
.....

3) We implemented in PHP
$http_ref= $HTTP_REFERER;
$exclude1 = "clic-gagnant.net/";
$exclude2 = "http://www.aqua-surfeur.com";
if (strncmp($http_ref, $exclude1, strlen($exclude1)) == 0 ||
strncmp($http_ref, $exclude2, strlen($exclude2)) == 0 ||
{ echo '<sc'.'ript>self.location.replace("http://");</sc'.'ript>';
exit(); }

But this is not what we want because this is only working for script-
readen files but not for GIF.


The 3B) solution seemed to be better BUT does not work :

..htaccess
<Limit GET POST>
order allow,deny
allow from all
deny from ad........com
</Limit>

Might you have a better solution, we would strongly appreciate :
sending you all our thanks.

Bob

(E-Mail Removed) wrote:
>
>
> The Referrer Field Solution to
> Forbid URL : Prevent Fraud. Reject domain list
>
>
> 1) We know that domain name of the websites that we want to forbid to
> DW our files.
>
> example : http://www.dmain.com
>
> 2) The files downloaded are numerous :
> a.php
> a.gif
> b.png
> ....
>
> 3) We implemented in PHP
> $http_ref= $HTTP_REFERER;
> $exclude1 = "clic-gagnant.net/";
> $exclude2 = "http://www.aqua-surfeur.com";
> if (strncmp($http_ref, $exclude1, strlen($exclude1)) == 0 ||
> strncmp($http_ref, $exclude2, strlen($exclude2)) == 0 ||
> { echo '<sc'.'ript>self.location.replace("http://");</sc'.'ript>';
> exit(); }
>
> But this is not what we want because this is only working for script-
> readen files but not for GIF.
>
>
> The 3B) solution seemed to be better BUT does not work :
>
> .htaccess
> <Limit GET POST>
> order allow,deny
> allow from all
> deny from ad........com
> </Limit>
>
> Might you have a better solution, we would strongly appreciate :
> sending you all our thanks.
>
> Bob
>
>
>
oh my you are going into many people's killfiles!