The title of this article is rather odd, mainly because I couldn't find a more suitable one; it is just for the record. The article mainly covers .htaccess configuration, including using .htaccess to block malicious User Agents. Before we begin, let us first understand what .htaccess is and what a User Agent is.

Background knowledge

1. What is .htaccess
The .htaccess file is a configuration file for the Apache server that controls how pages in the relevant directory are served. With it we can set up 301 redirects, customize the 404 error page, change file extensions, allow or block access for specific users or directories, disable directory listings, configure default documents, and more. The common pseudo-static (URL rewrite) rules are also written in the .htaccess file.
2. What is User Agent
The User Agent is a special header string that lets the server identify the visitor's operating system and version, CPU type, browser and version, browser rendering engine, browser language, browser plug-ins and other information.

A brief introduction to .htaccess

With the explanation above in mind, let's go over some basic .htaccess configuration.
We can use .htaccess to block search engine spiders, block IP ranges of specified countries, prevent hotlinking of images or files, customize error pages, redirect requests, and so on. Here, let's briefly look at how to use .htaccess to block search engine spiders such as Baidu and Sogou. We add:

SetEnvIfNoCase User-Agent "^Baidu" bad_bot
SetEnvIfNoCase User-Agent "^sogou" bad_bot
SetEnvIfNoCase User-Agent "^Bloghoo" bad_bot
SetEnvIfNoCase User-Agent "^Scooter" bad_bot
Deny from env=bad_bot

Next, let's look at how to use .htaccess to prevent image hotlinking (if your host uses a control panel, don't bother; just set it directly in the panel). We just add the following to .htaccess.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$ [NC]
RewriteCond %{HTTP_REFERER} !vpsok.net [NC]
RewriteCond %{HTTP_REFERER} !google.com [NC]
RewriteCond %{HTTP_REFERER} !baidu.com [NC]
RewriteCond %{HTTP_REFERER} !bbs.vpsok.net [NC]
RewriteRule .*\.(gif|jpg|png)$ - [F]

The line RewriteCond %{HTTP_REFERER} !^$ [NC] above means that a request with an empty referer is allowed, so a user can still type the image address directly to view it. The next few lines list the allowed referring sites, including ourselves, Google, Baidu, etc., and the last line refuses hotlinked requests for the listed file formats; you can add more formats yourself.

A brief introduction to User Agent

In fact, .htaccess has far more uses than those mentioned above. My own knowledge is limited, so you can google for other, more advanced tricks. Since the User Agent is today's specific topic, next I will talk about how to use .htaccess to block malicious User Agents.
First, let's take an excerpt from a website access log at random.
[Screenshot: website access log showing the User-Agent field]
As shown above, this is a screenshot of the access log of a website I found at random. The trailing part, Mozilla/5.0 (Windows; U; Windows NT 5.2) Gecko/2008070208 Firefox/3.0.1, is the User Agent. From it we can see the visitor's operating system, browser and other information. (I am only using this User Agent as an example of blocking with .htaccess; it is not a standard rule, remember.)

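#Begin Deny Useragent
# Requires "RewriteEngine on" (set in the hotlinking rules above).
# No [OR] on the final RewriteCond: a trailing [OR] makes the rule apply to every request.
RewriteCond %{HTTP_USER_AGENT} ".*Gecko/2008070208.*"
RewriteRule ^(.*)$ http://vpsok.net/
#End Deny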

In fact, there is no need to block normal visits like this one. The point is that when our website encounters malicious visits, we can use these settings as a reference.
Note: The .htaccess rules above require the Apache server; they do not apply to nginx.
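
As an added example (not part of the original article): a small Python script that tallies User-Agent strings from an access log in Apache's combined format and emits SetEnvIfNoCase/Deny lines in the style shown earlier for any agent seen at least a threshold number of times. The sample log lines, the ExampleScraper name and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# In Apache's "combined" log format the last quoted field is the User-Agent.
UA_FIELD = re.compile(r'"(?P<ua>(?:[^"\\]|\\.)*)"\s*$')

# Constructed sample log lines (documentation IPs, made-up scraper name).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.2) Gecko/2008070208 Firefox/3.0.1"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /a HTTP/1.1" 200 90 "-" "ExampleScraper/1.0 (+test)"
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /b HTTP/1.1" 200 90 "-" "ExampleScraper/1.0 (+test)"
198.51.100.8 - - [01/Jan/2024:10:00:02 +0000] "GET /c HTTP/1.1" 404 0 "-" "ExampleScraper/1.0 (+test)"
"""


def count_user_agents(log_text):
    """Tally requests per User-Agent string; unparsable lines are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        match = UA_FIELD.search(line)
        if match:
            counts[match.group("ua")] += 1
    return counts


def to_apache_pattern(ua):
    """Escape regex metacharacters so Apache matches the string literally."""
    return re.sub(r"([.^$|?*+()\[\]{}])", r"\\\1", ua)


def block_rules(log_text, threshold):
    """Return .htaccess lines for every User-Agent seen >= threshold times."""
    rules = []
    for ua, hits in count_user_agents(log_text).most_common():
        if hits < threshold:
            continue
        if '"' in ua or "\\" in ua:
            continue  # quoting is ambiguous in the config file; write by hand
        rules.append('SetEnvIfNoCase User-Agent "^%s$" bad_bot' % to_apache_pattern(ua))
    if rules:
        rules.append("Deny from env=bad_bot")
    return rules


if __name__ == "__main__":
    print("\n".join(block_rules(SAMPLE_LOG, threshold=3)))
```

The User-Agent header is supplied by the client, so review the generated lines before adding them to .htaccess.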

