|
I have a probem with bot script
and brute force attacks. I wrote a script that stops about 95% of attacks. However, there a still a couple of guys out there that do ip spoofing. I tried using .htaccess file like it is below hoping that the rewrite directives from mod-rewrite would require the user to come from a certain page first. That is why I put the rewrite stuff at the top. However, it does not. It still ask for user credentials and then the rewrite stuff kicks in. Finally, my question. How can I get the .htaccess file to do the mod-rewrite directives first and then do user authentication. This would stop bot scripts that at least didn't have the HTTP_REFERER env. variable set correctly. Is it possible. ######## my .htaccess file below starts here ####################### RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://mydomain.com/login/ [NC] RewriteRule /* http://mydomain.com/ [R,L] AuthUserFile /path/to/my/password/file/.htpasswd AuthGroupFile /dev/null AuthName 'Protected Area' AuthType Basic <Limit GET PUT POST> require valid-user </Limit> #added for unhurler ErrorDocument 401 /cgi-bin/unhurler/unhurler.pl ################ ends here ####################################### Thanks in advance -- John Michael |
