Image.htaccess. : a quick and easy solution for "Anti-Spam for advertising Referers"...

[:ask] How to reduce the not so human visitors that come with annoying referer like medical products or easy money ?

[:idea] We have a fancy solution !
The goal is to avoid such referer to reach your site and get counted by stats.
So you can use the .htaccess file to restrict the access to your site, be rejecting (return HTTP error code 403-Forbidden) unwanted referers, or search bots (agents) like mail harvester or image seekers.

Have a look to the special trick in the Download Area by using the tweaked .htaccess file...


Here is the detail of the process :

The trick is separated in 2 parts, the first one is the detection, the second one is the action on detected items.

The detection use RegExp to match the unwanted pattern in the referer or user-agent information returned by the requester.

Once identified the source is added to the "banned" environement  group.

Then we use a special trick to return the attack toward the spammer, we redirect them to their own link (301-Redirection)...
And in case the redirection fail, we just deny the request (403-Forbidden Page)

So all you need is to copy the file in the archive on the root of your website, and rename it as ".htaccess".

Note: will work only on Apache webserver !


# Reject from specific IP addresses
# - Reject a Single address
Deny from
# - Reject a Range of address (class-C)
Deny from 148.244.150.
# - Reject a Range of address (class-B)
Deny from 148.244.

# Deny access to all with status "banned"


# Referers Filter (Banned Sites)
SetEnvIfNoCase Referer"^http://([a-z0-9\-]+\.)?blogg\.de.*$" banned
SetEnvIfNoCase Referer "^http://([a-z0-9\-]+\.)?vjackpot\.com.*$" banned

Referer Filter (banned Words)
SetEnvIfNoCase Referer "^http://(\W)buy.*$" banned
SetEnvIfNoCase Referer "^http://(\W)cheap.*$" banned

# User-Agent (Browser/SearchBot/Agent) Filter
SetEnvIfNoCase User-Agent "extractor" banned
SetEnvIfNoCase User-Agent "grabber" banned
SetEnvIfNoCase User-Agent "harvest" banned

# Enable Rewrite mode
RewriteEngine On

# Nice trick.. => 301-Redirect to themself...
RewriteCond %{ENV:banned} ^1$
RewriteCond %{HTTP_REFERER} ^(.*)$
RewriteRule ^(.*)$ %1 [R=301,L]

# In any case => 403-Forbidden Page
Order Deny,Allow
Deny from env=banned

Some references:

  • -none-