Linux : Reject domain List (httpd & server)

October 23.2007

Dear Madams and Sirs,

Ever had the chance to forbid a website to download HTTP files from
your Website ?

Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
(Fedora).

Point is, there are some undesired websites that downloads our content
to display it over their websites.

As an example : they insert in their web-pages : <iframe src="our-
website.com/file.php"> OR <img src="our-website.com/file.gif"

These websites are 100% undesired.

We searched out and asked questions BUT
.. if we found out how to forbid ONE USER to download a content
.. if we found out how to forbid USERS to access a file or a directory.

We could not AT ALL find out how to forbid one website (eg :
clickandwin.com) to display our content.

The dreamed situation is a .txt reject list recognized from Linux
online or Apache.

>From that list clickandwin.com or clickformoney.com would be forbidden
to DW any file for the server.

Does that sounds like impossible : because our searches lead us to
that conclusion for the time being.

>From your pro. experience in website configuration, and studies You
might have an operational solution ?

We thank for your answer and address our best consideration.

Bob

2401 members, members can post wrote:
>
>
>
> October 23.2007
>
> Dear Madams and Sirs,
>
> Ever had the chance to forbid a website to download HTTP files from
> your Website ?
>
> Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
> (Fedora).
>
> Point is, there are some undesired websites that downloads our content
> to display it over their websites.
>
> As an example : they insert in their web-pages : <iframe src="our-
> website.com/file.php"> OR <img src="our-website.com/file.gif"
>
> These websites are 100% undesired.
>
> We searched out and asked questions BUT
> . if we found out how to forbid ONE USER to download a content
> . if we found out how to forbid USERS to access a file or a directory.
>
> We could not AT ALL find out how to forbid one website (eg :
> clickandwin.com) to display our content.
>
> The dreamed situation is a .txt reject list recognized from Linux
> online or Apache.
>
>>From that list clickandwin.com or clickformoney.com would be forbidden
> to DW any file for the server.
>
> Does that sounds like impossible : because our searches lead us to
> that conclusion for the time being.
>
>>From your pro. experience in website configuration, and studies You
> might have an operational solution ?
>
> We thank for your answer and address our best consideration.
>
> Bob
>

Take a look at http://httpd.apache.org/docs/2.2/howto/access.html for
the full answer to your question. Simplest fix - create a file named
..htaccess in your web documents home with the contents

Order deny,allow
Deny from clickandwin.com clickformoney.com
Allow from all


Doug

Dear Sir,

Many thanks for your answer BUT :

There seems to be a solution in PHP.INI, or using an HTACCESS FILE
(http://www.yorku.ca/computng/student...s/central_web/
htaccess.html), or using APACHE
(http://www.yorku.ca/computng/student...s/central_web/
htaccess.html)

If you accept Questions :

1) Do you implement that in your HTTP.CONF file :

Order deny,allow
Deny from zzz.com z1z1z1.com
Allow from all

it is not mentioned in the article ?


2) Why would you rather implement an Apache solution instead of a
*.INI or *.HTACCESS solution ?



All my distinguish considerations

Bob


****
Sorry for clickandwin.com clickformoney.com : these sites are quite
ok. Just used for non carrefull illustration.

2401 members, members can post wrote:
> Dear Sir,
>
> Many thanks for your answer BUT :
>
> There seems to be a solution in PHP.INI, or using an HTACCESS FILE
> (http://www.yorku.ca/computng/student...s/central_web/
> htaccess.html), or using APACHE
> (http://www.yorku.ca/computng/student...s/central_web/
> htaccess.html)

PHP is not mentioned in your URL so I cannot comment.

>
> If you accept Questions :
>
> 1) Do you implement that in your HTTP.CONF file :
>
> Order deny,allow
> Deny from zzz.com z1z1z1.com
> Allow from all
>
> it is not mentioned in the article ?

The grammar in this question is such that I cannot figure out what
you are asking.

>
>
> 2) Why would you rather implement an Apache solution instead of a
> *.INI or *.HTACCESS solution ?

I suggested using .htaccess because you desired a file-based solution
in your original post. Apache and .htaccess are not an either/or,
since access restrictions via .htaccess are defined by the apache
configuration file. The same restrictions can be put in your
apache.conf (or whatever the file is used by your distribution) with
the same effect.

>
>
>
> All my distinguish considerations
>
> Bob
>
>
> ****
> Sorry for clickandwin.com clickformoney.com : these sites are quite
> ok. Just used for non carrefull illustration.
>
>


--
Dr. Douglas O'Neal
Manager, Bioinformatics Center
Delaware Biotechnology Institute
(302) 831-3456

Dear Sir,

Many thanks for your reply. Would you autoriez us to ask you an
operational question ?

1. Two Websites

/home/virtual/site5/fst/var/www/html/
/home/virtual/site1/fst/var/www/html/


2. We implemented on site5 the following script :

vi .htaccess

<Limit GET POST>
order allow,deny
allow from all
deny from ad........com
</Limit>
<Limit PUT DELETE>
order deny,allow
allow from all
deny from all
</Limit>
AuthName "No"
AuthType Basic
Require valid-user
AuthUserFile /home/virtual/site2/fst/var/www/html/.htpasswd


3) Objective is to fordid the user connected from site1 to DW any
content from site5

4) After several trials : That does not work AT ALL

http://tinyurl.com/2kaqym

Again, we please send you our thanks,

My Regards

Bob

2401 members, members can post wrote:
>
>
>
> October 23.2007
>
> Dear Madams and Sirs,
>
> Ever had the chance to forbid a website to download HTTP files from
> your Website ?
>
> Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
> (Fedora).
>
> Point is, there are some undesired websites that downloads our content
> to display it over their websites.
>
> As an example : they insert in their web-pages : <iframe src="our-
> website.com/file.php"> OR <img src="our-website.com/file.gif"
>
> These websites are 100% undesired.
>
> We searched out and asked questions BUT
> . if we found out how to forbid ONE USER to download a content
> . if we found out how to forbid USERS to access a file or a directory.
>
> We could not AT ALL find out how to forbid one website (eg :
> clickandwin.com) to display our content.
>
> The dreamed situation is a .txt reject list recognized from Linux
> online or Apache.
>
>>From that list clickandwin.com or clickformoney.com would be forbidden
> to DW any file for the server.
>
> Does that sounds like impossible : because our searches lead us to
> that conclusion for the time being.
>
>>From your pro. experience in website configuration, and studies You
> might have an operational solution ?
>
> We thank for your answer and address our best consideration.
>
> Bob
>

Technically you can't prevent the reference from one site to another as
all you know about is the third party user viewing the page. You'll
have to resort to legal methods.

On Tue, 23 Oct 2007 11:13:13 -0400, Douglas O'Neal <(E-Mail Removed)> wrote:
| 2401 members, members can post wrote:
|>
|>
|>
|> October 23.2007
|>
|> Dear Madams and Sirs,
|>
|> Ever had the chance to forbid a website to download HTTP files from
|> your Website ?
|>
|> Have a pc-linux-gnu on i686 - Apache version is Apache/2.0.50
|> (Fedora).
|>
|> Point is, there are some undesired websites that downloads our content
|> to display it over their websites.
|>
|> As an example : they insert in their web-pages : <iframe src="our-
|> website.com/file.php"> OR <img src="our-website.com/file.gif"
|>
|> These websites are 100% undesired.
|>
|> We searched out and asked questions BUT
|> . if we found out how to forbid ONE USER to download a content
|> . if we found out how to forbid USERS to access a file or a directory.
|>
|> We could not AT ALL find out how to forbid one website (eg :
|> clickandwin.com) to display our content.
|>
|> The dreamed situation is a .txt reject list recognized from Linux
|> online or Apache.
|>
|>>From that list clickandwin.com or clickformoney.com would be forbidden
|> to DW any file for the server.
|>
|> Does that sounds like impossible : because our searches lead us to
|> that conclusion for the time being.
|>
|>>From your pro. experience in website configuration, and studies You
|> might have an operational solution ?
|>
|> We thank for your answer and address our best consideration.
|>
|> Bob
|>
|
| Take a look at http://httpd.apache.org/docs/2.2/howto/access.html for
| the full answer to your question. Simplest fix - create a file named
| .htaccess in your web documents home with the contents
|
| Order deny,allow
| Deny from clickandwin.com clickformoney.com
| Allow from all


That won't work. In the situation the original poster described, the
image is being downloaded by the end users web browser, not the
offending web sites' web server.

There may be a way to do this by blocking on the http-referrer header.

Alternatively, replace the files/images with something amusing and/or
inappropriate, and change your site to use a different file name.


--
Reverend Paul Colquhoun, ULC. http://andor.dropbear.id.au/~paulcol
Asking for technical help in newsgroups? Read this first:
http://catb.org/~esr/faqs/smart-questions.html#intro

On Oct 23, 7:30 am, "2401 members, members can post"
<Paul_Me...@2cuk.co.uk>

> Ever had the chance to forbid a website to download HTTP files from
> your Website ?

> Point is, there are some undesired websites that downloads our content
> to display it over their websites.
>
> As an example : they insert in their web-pages : <iframe src="our-
> website.com/file.php"> OR <img src="our-website.com/file.gif"
>
> These websites are 100% undesired.

You have three choices:

1) Implement a technical solution. They will implement a technical
workaround. The situation will repeat. On the bright side, you will
require them to do things that will likely prove that they know you
find their behavior undesirable and that they took affirmative steps
to workaround it.

2) Implement a legal solution. Advise them that you find their conduct
abusive. Talk to a lawyer about whether it may violate copyright laws,
computer abuse laws, and/or unfair competition laws. Your lawyer may
even have other ideas. Have him write them a nasty note.

3) Implement both of the above.

You can start by filtering on the referer. See pages like this one:
http://apache-server.com/tutorials/ATimage-theft.html
Google for "apache restrict referrer".

DS