Return-Path: 
 <users-return-75038-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 59902 invoked from network); 29 Aug 2007 12:44:01 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 29 Aug 2007 12:44:01 -0000
Received: (qmail 74270 invoked by uid 500); 29 Aug 2007 12:43:46 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 74246 invoked by uid 500); 29 Aug 2007 12:43:46 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 74235 invoked by uid 99); 29 Aug 2007 12:43:46 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Aug 2007 05:43:46 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of antennex@hotmail.com designates
 65.54.246.206 as permitted sender)
Received: from [65.54.246.206] (HELO bay0-omc3-s6.bay0.hotmail.com)
 (65.54.246.206)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 29 Aug 2007 12:44:35 +0000
Received: from hotmail.com ([65.55.130.119]) by bay0-omc3-s6.bay0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.2668);
	 Wed, 29 Aug 2007 05:43:17 -0700
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 29 Aug 2007 05:43:17 -0700
Message-ID: <BAY125-F39D6B0026F5F2EB681D4DDCCCC0@phx.gbl>
Received: from 65.55.130.123 by by125fd.bay125.hotmail.msn.com with HTTP;
	Wed, 29 Aug 2007 12:43:16 GMT
X-Originating-IP: [65.68.247.73]
X-Originating-Email: [antennex@hotmail.com]
X-Sender: antennex@hotmail.com
Reply-To: orvilleg@hotmail.com
In-Reply-To: <813716b60708250838v4d287e79ubde23079e5f94caf@mail.gmail.com>
From: "Jack Stone" <antennex@hotmail.com>
To: users@httpd.apache.org
Date: Wed, 29 Aug 2007 07:43:16 -0500
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 29 Aug 2007 12:43:17.0040 (UTC)
 FILETIME=[2BFDBB00:01C7EA3A]
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] mod_rewrite or mod_access

>From: "Vincent Bray" <noodlet@gmail.com>
>Reply-To: users@httpd.apache.org
>To: users@httpd.apache.org, orvilleg@hotmail.com
>Subject: Re: [users@httpd] mod_rewrite or mod_access
>Date: Sat, 25 Aug 2007 22:38:58 +0700
>
>On 25/08/07, Jack Stone <antennex@hotmail.com> wrote:
> > We still use MSFrontPage on certain sites and was wondering how best to
> > block visitors who use FP in attempts to abuse the sites, BUT, not block 
>our
> > own valid users?
> >
> > Figured best to use mod_rewrite or mod_access for this purpose, but 
>unsure
> > of the syntax to use on those vhost containers where we may have the
> > conflicts.
> >
>
>Either should work. First with mod_access (as it is in 2.0)
>
><Location /_vti_bin/_vti_aut/author.exe>
>  Deny from all
></Location>
>
>.. or fancier ..
>
><LocationMatch ^/_vti_bin/_vti_(evil|regex)>
>  Deny from all
></LocationMatch>
>
>Or with mod_rewrite:
>
>RewriteEngine On
>RewriteCond %{REMOTE_ADDR} !^trusted.host.pattern$
>RewriteRule ^/_vti - [F]
>
>This basically says, if the address looks like some frontpage nonsense
>and the client isn't coming from a known address, don't change the URL
>(the - part), and forbid [F] the request.
>
>You can probably get fancier still with mod_security, where fancy
>includes stuff like time based abuse escallation, and just about any
>conceivable formula based on the request (including any entity bodies,
>which mod_rewrite can't see).
>
>Good luck.
>
>--
>noodl
>

Noodl, I tried the mod_rewrite suggestion which was working until I 
discovered it was killing the FP counter. So, switched to this as a separate 
rewrite block by itself since I send the mass downloaders to a special page 
explainy why blocked:

RewriteCond %{REMOTE_ADDR} !^xx.xx.xx.xx$
RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MSFrontPage [NC]
RewriteRule ^.* - [F,L]

I think this is doing the trick now.

Many thanks!

Jack

_________________________________________________________________
Learn.Laugh.Share. Reallivemoms is right place! 
http://www.reallivemoms.com?ocid=TXT_TAGHM&loc=us


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org