Forum Moderators: phranque
Any help appreciated.
Dexie
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^123.45.67.8$
RewriteRule ^(.*)$ [yahoo.com...] [L]
Do NOT place an [OR] on the final RewriteCond line.
.
You'll also need to escape the periods in your rule:
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8$
.
The alternative and slightly more efficient syntax is to use ¦ as the OR and do it this way:
RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8)¦(210\.78\.23\.4)$
You can have as many ¦ as you like, but it gets unreadable after half a dozen or so.
Beware that posting in this forum breaks the pipe symbol and you will need to type it in again if you copy and paste code from this forum.
A couple of things, what is the pipe thing please ? If this forum doesn't show them, whereabouts on a keyboard is it please ? Or maybe someone has a screenshot of it ?
Also, when you say it's more efficient, in what way ? Does that mean that the page loads more quickly ?
I know from experience, that for a lot of coding in .htaccess, you have to make sure lines of code are all on the same line, bearing in mind, that there might be as many as 20-30 ip's to redirect, what would I do there please ?
Dexie.
The alternative and slightly more efficient syntax...
Is that proven to process faster? I may have to change mine...
A couple of things, what is the pipe thing please ? If this forum doesn't show them, whereabouts on a keyboard is it please ? Or maybe someone has a screenshot of it ?
the "pipe" is simply a vertical line.
The forum breaks the charcter into two separate verical bars, you may view the broken character using ALT+0166.
Also, when you say it's more efficient, in what way ? Does that mean that the page loads more quickly ?
Not necessarily.
IMO, the example that g1msd provided is a bad use of the or line option.
Personally, I make ever effort to keep the file lines in alpahabetical and numerical order.
I know from experience, that for a lot of coding in .htaccess, you have to make sure lines of code are all on the same line, bearing in mind, that there might be as many as 20-30 ip's to redirect, what would I do there please ?
See above (i. e., separate lines), "as a general rule" in numerical order, unless the are closely separated.
[edited by: wilderness at 12:57 pm (utc) on July 14, 2008]
For me, the pipe symbol is above back-slash on my (UK) keyboard. You need the "solid" pipe, not the "broken pipe" (shown as ¦ here in the foum) version. The wrong one is next to "1" and above "tab" on my (UK) keyboard.
@ Wilderness, assuming you had multiple ip address's, (at least 20), that you wanted to redirect to another domain, how would you do it please ?
Dexie.
g1smd has graciously provided you with the groundwork. There are many more examples in the forum archives.
All you need to do is expand the lines in g1smd example.
I would caution you against denying short, that is denying to the precise Class D range. You'll find that, in most every instance to implement these precise ranges, the visitor will only return on a different number to bite you in the backside.
By class D, I assume you mean that it's best to redirect based on the 1st 3 octets, rather than all 4 ?
How's the code looking below ? Does it matter if the line with the ip address's is not on one line,
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦$
RewriteRule ^(.*)$ [yahoo.com...] [L]
Dexie
Using one-line per condition [OR]s is faster in http.conf and other server config files, where the code is compiled once at server start-up.
This is based on some benchmarking work done by member AndreasFriedRich, and posted here at WebmasterWorld.
Jim
RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦(210\.78\.23\.4)¦$
RewriteRule ^(.*)$ http://www.yahoo.com [L]These lines will likely return a 500 error taking down your server!
You've an extral trailing pipe character at the end of your IP line.
As an aside, the speed difference that Jim is referring to is (at least as a general rule), so minute, that anything you may gain would be lost when you begin searching your deleveoped and/or extensive lines for syntax errors (which happen to everybody). During March, I spent more than a week to locate three syntax errors and IF my lines hadn't been organized in a methodical pattern, the week could have easily turned into three or four.
So, 20 IP ranges to block: 4 conditions, each with 5 IP ranges in.
That wouldn't be a problem.
You would remove the final $ symbol if you were using partial IP ranges.
Note also that the parentheses in the previously-posted code are misplaced -- in that only one pair is needed to "attach" the start and end anchors to each IP address sub-pattern. I'd write it as:
RewriteCond %{REMOTE_ADDR} ^(123\.45\.67\.8¦210\.78\.23\.4¦210\.78\.23\.4¦210\.78\.23\.4¦210\.78\.23\.4)$
> but I thought you were saying that there was another way of doing it ?
What we've been talking about efficiency-wise is that this implementation of my example is faster if used in httpd.conf or conf.d, or some other server-config file:
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.78\.23\.4$
> By class D, I assume you mean that it's best to redirect based on the 1st 3 octets, rather than all 4 ?
This depends on *where and what* the visitor is. If the IP address resolves to a dial-up user, then that address is only temporarily-assigned, and will change the next time that user re-connects. It is usually not productive to block dial-up users by IP address; Since the IP address will be changed/re-assigned, then when the blocked address'es user gets a new IP address, not only won't you block him anymore, but you may block an innocent user if he's assigned the bad guy's previous address.
If the IP address resolves back to a single DSL user, then block that specific address and put the code into a section that you plan to review (or delete) on a monthly basis; DSL IP addresses also change, but only occasionally -- when the user's router is re-booted or his ISP's DHCP lease time expires. This could be days, weeks, or months.
If the visitor is a business user, then it's less likely the IP address will change, and you might put those blocks into a six-month-review section.
If the visitor is coming from an IP address assigned to a co-location facility or to a hosting company, then his IP address is likely to change very infrequently -- once a year might be a good guess, although I wouldn't tolerate a service that changed my address that often. This class of visitor is going to be one of two things -- either someone with a Web site that links to yours or includes it in their directory, or an "enterprise-class" scraper or spammer -- They are using a server to scrape content, collect e-mail addresses, or try to auto-post to your forums, etc. I usually block entire server farms and co-location facilities, which might mean an entire Class C or larger.
Sometimes, you may want to put another consideration above those: How much legitimate traffic/business/revenue do you get from the IP address range? I'm referring obliquely here to "ISPs" or "countries" or "regions." Rather than block troublemakers in certain areas one-by-one, it may be more efficient to block a much larger range if doing so is unlikely to affect legitimate traffic.
If you err on the side of a wide block, then you may lose legitimate traffic. If you use narrow-range or single-address blocking, then your block list will quickly grow huge, inefficient, and unmanageable.
Anyway, there are other exceptions, of course, and so you must do a bit of research using Whois and/or Sam Spade (or similar) to figure out "how long and how wide" an IP blocking duration and range should be.
> Does it matter if the line with the ip addresses is not on one line,
Yes, if you put a newline into the code, you will get a syntax error. But don't confuse that with a line wrapping around to fit your edit window. And if you mean the multi-line method that I just posted, then the difference is code size and execution speed.
Jim
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.67\.19\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.89\.56\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.23\.39\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^210\.76\.38
RewriteRule ^(.*)$ [yahoo.com...] [L]
Dexie.
Any help much appreciated.
Dexie.
way of finding out the ip block for Nigeria, China and Russia
My non-ARIN ranges were tediously implemented some six years ago.
block a country dot com from another forum may be useful.
My non-ARIN ranges were tediously implemented some six years ago.
I've never used the thing.
I did look at a few countries and decided it may be useful for beginners.
One thing, if you received an email from someone who you wanted to redirect based on thier IP, and it said :
Received: from bay0-omc2-s6.bay0.hotmail.com ([65.54.246.142]:15742)
by (domain host) with esmtp (Exim 4.69)
(envelope-from <#*$!x@hotmail.com>)
id 1KGacH-0000Wd-O0
for #*$!#*$!#*$!x.com; Wed, 09 Jul 2008 15:25:58 +0100
Received: from BAY135-W47 ([65.55.140.82]) by bay0-omc2-s6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
What IP address would you use please ?
The helps appreciated.
Dexie.
One thing, if you received an email from someone who you wanted to redirect based on thier IP, and it said :
This is web accessed email, which attempts to pull "our" pages and images into the active hotmail web page.
On my own sites these requests are denied under the anti-hotlinking lines. In certian instances (at least specifcic directories; not all) I've added exception lines to allow these requests.
I would focus on the following rather than the IP:
bay0-omc2-s6.bay0.hotmail.com
should have been clearer, it's not for anti-hotlinking
It doesn't need to be.
Rather that is the example that I provided for use of the referrer.
DExie.
See if your e-mail client has an option to "show full headers" or "show all headers." If so, enable this option, and look for the header, "X-Originating-IP". If that IP address is a private IP address, you can redirect based on it. If it's a shared address, or if the header is not present, then there's not much you can do.
Jim
Denying or redirecting many hotmail users may not be in your best interest.
Jim I agree entirely.
However not all hotmail referrers contain these specific phrases:
bay0
omc2
s6.bay0
Thus the multiple phrases and/or users allows versatility in specific focus.
In addition and these "focused" implementations, I would personally refrain from the using the NC option.
How many other users are likely to also be inadvertently blocked by this rule?
