Flashes of Panic

I’m extending my anti-referrer-spam .htaccess file a bit. The idea was to take a mod_rewrite idea from Ed Costello (which, for some reason, isn’t working on this site anyway) and apply it to the giant mod_setenvif regexp I’ve been building from Dorothea’s suggestions and my own logs.

The first step is to extend my existing SetEnvIfNoCase rules. Until now, I’ve been simply setting the environment variable, because deny works based on its mere existence. However, to make it play nicely with mod_rewrite, I’ve added a value (yes) to the variable, so SetEnvIfNoCase lines now look like this:

SetEnvIfNoCase Referer .*\.hq_inform\.com.* spam_ref=yes

Now, we swipe some of Ed’s mod_rewrite code, but change the conditions. (Note that you need to have RewriteEngine on somewhere above this in your .htaccess file for this to work.)

RewriteCond %{ENV:spam_ref} ^yes$ [NC]
RewriteCond %{HTTP_REFERER} ^(.*)$ [NC]
RewriteRule ^(.*)$ %1 [R=301,L]

Line by line, it goes like this: First, if the environment variable spam_ref contains the value “yes” (nothing more or less than those three letters in that order, and (second line) there is a “Referer” value in the HTTP request, then we apply the rule. (The second rule looks redundant, considering that if there was no “Referer” the spam_ref variable wouldn’t be set. You’ll hit both rules, or neither. But we need that second rule to get the “Referer” value stored, for the) Third line, if the above two matched, rewrite the request URL to the value of the “Referer” value (the %1 is expanded to the previous match, which was on the second line.) This gets sent out as a 301 Redirected response, which, according to Ed, then gets logged on their site as entirely tail-chasing and not involving my site at all. (Hey, I didn’t ask for the traffic; they did.)

See the access file for the whole workup.

Now Playing: Best Black Dress from Live From Northampton (Disc 2) by The Nields