Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to block a specific user agent in Apache

Tags:

apache

apache2.4

I'm configuring my Django app to email me errors (exceptions).

Normally no problem - but my email is hosted on Office 365, and it seems that Microsoft is automatically scanning and loading URLs within emails.

The result is that it hits the URL in my Django app, and causes another error... and another email. End result: a charming little mail loop which sends me 50+ messages within a few seconds.

I found entries like this in my apache logs:

157.55.39.163 - - [22/Aug/2018:17:30:05 +0000] "GET /testerror HTTP/1.1" 500 5808 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"

I want to block access to the user agent (containing "BingPreview"), so I can prevent this loop.

I put this into my virtualhost:

SetEnvIf User-Agent "^.*BingPreview.*$" bad_user

<Directory /path/top/my/app/>
   <Files wsgi.py>
       Require not env bad_user
   </Files>
</Directory>

But when I reload apache, I get the error negative Require directive has no effect in <RequireAny> directive.

like image 817
jdhildeb Avatar asked Aug 22 '18 18:08

jdhildeb

2 Answers

Got it figured out. Thanks for the tip, @Tobias K.

I enabled mod_rewrite because it wasn't already enabled.

a2enmod rewrite

Then I put this into my virtual host:

RewriteEngine on
RewriteCond %{HTTP_USER_AGENT}  ^.*BingPreview.*$
RewriteRule . - [R=403,L]

And restarted apache to take effect:

service apache2 restart

And I can see in the apache log that BingPreview is getting blocked (note the 403):

157.55.39.163 - - [22/Aug/2018:18:12:09 +0000] "GET /testerror HTTP/1.1" 403 4385 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b"

like image 110
jdhildeb Avatar answered Nov 01 '22 09:11

jdhildeb

But when I reload apache, I get the error negative Require directive has no effect in <RequireAny> directive

<RequireAny> is the default "implied" container if not explicitly stated.

You can resolve this by doing something like the following instead:

SetEnvIf User-Agent "BingPreview" bad_user

<Directory /path/top/my/app/>
   <Files wsgi.py>
       <RequireAll>
       Require all granted
       Require not env bad_user
       </RequireAll>
   </Files>
</Directory>

The "regex" BingReview is the same as ^.*BingPreview.*$.

like image 37
MrWhite Avatar answered Nov 01 '22 08:11

MrWhite
Sign in to Comment

Related questions

Simple htaccess rewrite rule error 404
Manipulate Headers of PHP response in .htaccess-file?
Apache not running automatically on docker compose up
Archiva Remote repository issue
How to redirect HTTPS non-www to HTTPS www using .htaccess?
How make PHP session work using subdomain and AJAX?
Apache still serving PHP file with incorrect permissions
Tomcat hosting multiple virtual host with multiple SSL certificate
how do i install Vue.js using cli on my local machine using Apache?
Make PHP 7 run on Apache instead of 5.6 with Scotch Box / Vagrant
How to Redirect Apache Logs to both STDOUT and Apache Log File
Proxy requests only if the file is not found?
php: cannot perform multiple fread() calls on php://input
EC2 instance inbound rule not working
Replacing Bad Node in Zookeeper Quorum Safely
Apache Flask Error 13, permission denied [duplicate]
subdomain VHost setup with EC2/Route53
.htaccess RewriteRule to path without changing URL
Custom Error 403 Page PHP
How start & stop MAMP PRO using command line?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!