Collateral damage
I’m making a few more tweaks to my anti-comment-and-referer-spam .htaccess file. The two significant changes, for now, are the addition of a new user-agent block (from Candygenius through Ann Elisabeth) and, more importantly, an exception for Google, which merits more discussion.
A few visitors have pointed out to me that since click-throughs from Google results include the search string, if you’ve got something on your site which might legitimately match a search for one of the terms in our regex, you’ll reject the click-through, even though it was (presumably) a legitimate visitor from Google. You might see this as a feature, since you can search your domain plus a banned string to test the block (it seems unlikely that someone would legitimately be searching for one visitor’s example, blogs4god.com poker.) But maybe you want everything from Google. Since we know the form of a legitimate referer from Google, we can add this line:
SetEnvIfNoCase Referer "^http://www\.google\..+/search.*" !spam_ref
…which clears our spam_ref environment variable and lets the request through. Note that this line has to come after our big regexp, since mod_setenvif applies the directives in order.
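A way to check the exception and its ordering before touching the live .htaccess, as an added example that is not part of the original post. It models the SetEnvIfNoCase lines as ordered rules in Python (whose regex engine is close to, but not identical to, Apache's); the short blocklist pattern and the sample referers are constructed stand-ins, since the real big regexp is not shown here.

```python
import re

# Constructed stand-in for the post's "big regexp", which is not shown here.
BLOCKLIST = r"(poker|casino)"
# The Google exception from the post, with the dot after "www" escaped.
GOOGLE_OK = r"^http://www\.google\..+/search.*"

# Each rule mirrors one SetEnvIfNoCase line: (pattern, action).
# "spam_ref" sets the variable; "!spam_ref" removes it, as mod_setenvif does.
RULES_CORRECT = [(BLOCKLIST, "spam_ref"), (GOOGLE_OK, "!spam_ref")]
RULES_WRONG_ORDER = [(GOOGLE_OK, "!spam_ref"), (BLOCKLIST, "spam_ref")]


def evaluate(referer, rules):
    """Apply the rules top to bottom and return the resulting variable set."""
    env = set()
    for pattern, action in rules:
        # SetEnvIfNoCase: unanchored, case-insensitive match on the header.
        if re.search(pattern, referer, re.IGNORECASE):
            if action.startswith("!"):
                env.discard(action[1:])
            else:
                env.add(action)
    return env


def is_blocked(referer, rules):
    """True if a later 'deny from env=spam_ref' style check would fire."""
    return "spam_ref" in evaluate(referer, rules)


# Constructed sample referers.
SAMPLES = {
    "google_search": "http://www.google.com/search?q=blogs4god.com+poker",
    "google_cctld": "http://www.google.co.uk/search?q=Poker+night",
    "spam": "http://online-poker.example/",
    "clean": "http://example.org/blogroll.html",
}


def report(rules):
    """Map each sample name to whether it would be blocked under these rules."""
    return {name: is_blocked(ref, rules) for name, ref in SAMPLES.items()}


if __name__ == "__main__":
    print("exception after blocklist: ", report(RULES_CORRECT))
    print("exception before blocklist:", report(RULES_WRONG_ORDER))
```

With the exception placed first, there is nothing to clear yet, so the blocklist sets spam_ref afterwards and the Google click-throughs are rejected again.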
While I’m at this, though, I asked my host about alternatives. Specifically, I’ve been reading about mod_security, which might be quicker, easier to understand, and hopefully less dangerous if mucked up. It’s installed on my host, so I may try it. I’ll keep you posted.
I was amused at the response from my hosting company, though; they couldn’t figure out how I was using mod_setenvif. (“But you won’t be able to access the environment variables until they get to a CGI…”) Apparently they didn’t know you can access the environment variables from both mod_access and mod_rewrite. So we can use the relatively-simple-to-understand mod_setenvif to set up the pins for the mod_access and mod_rewrite bowling balls. (Or, to mix my metaphors, mod_setenvif just walks through the forest with spray-paint, while mod_access and mod_rewrite follow with chainsaws.)