Blocking bad referers using web.config file

multichild · February 25, 2015, 7:58pm

I am working with a Linux server and believe I can use the web.config file to action the command below.

I want to block certain URL’s and below is an example of one, but the one below is a direct link, and what I would like to do is block the whole domain.

directorylinkhub.com/index.php?q=pendulumofmayfair.co.uk

This is what I am attempting to do.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="RequestBlockingRule1" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_REFERER}" pattern="*.directorylinkhub.com*" negate="false" />
</conditions>
<action type="Redirect"  url="http://www.directorylinkhub.com"/>
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

I will need to block a few domains and the one above is the first one, and so to use multiple blocks I simply add this below the first block

<rule name="RequestBlockingRule2" patternSyntax="Wildcard" stopProcessing="true">
<match url="*" />
<conditions>
<add input="{HTTP_REFERER}" pattern="*.directoryleader.co.uk*" negate="false" />
</conditions>
 <action type="Redirect"  url="http://www.directoryleader.co.uk"/>
</rule>

Cheers

multichild · February 26, 2015, 3:56pm

I think its seems to be right, but one thing I did notice was the dot notation in front of the url after the asterix, as below -

 <add input="{HTTP_REFERER}" pattern="*.directoryleader.co.uk*" negate="false" />

I took that away and left the asterix, seems to work ok, but would still be grateful for any advice if not exactly correct.

One more thing, in the example above I’m using the url, so wondered what the procedure would be if I wanted to ban an IP address, is it simply the case of doing it like this

<add input="{HTTP_REFERER}" pattern="*188.12.35.345*" negate="false" />

Cheers

multichild · February 27, 2015, 3:56pm

As well as using an ip address, can someone help by blocking a server address, something like this -

ns35.xl.com
ns36.x.com
ns74.xl.com
ns73.x.com
ns1.x.com
ns2.x.com

So using something similar to what I have used for the url’s, but to block ip addresses and server names as above.

Thanks

system · May 29, 2015, 11:03pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.