Support ⇒ Security ⇒ Adding a top level domain to http referrers blocklist ⇒ Community Forums ⇒ CPG Dragonfly™ CMS
Forum IndexSecurity

Adding a top level domain to http referrers blocklist Reply to topic


Most of the dull "viagra" type bogus http referrals are from the same top level domain (.ru). I'd like to add this to the blocklist but can't because I get the "The HTTP Referers format is not valid." error.

Can I just add .ru to into the table by hand or will this cause an issue?

I add maybe a dozen of these a week now to the block list and I expect this will be a performance issue eventually and I've never one had a non-bogus referral from this domain so see them as a waste of time.

Please enter your server specs in your user profile! 😢


admin/modules/security.php line 611

change
if (!strpos($new_entry,'.')) { cpg_error(sprintf(_ERROR_BAD_FORMAT, _HTTPREFERERS)); }


to
if (FALSE === strpos($new_entry, '.')) { cpg_error(sprintf(_ERROR_BAD_FORMAT, _HTTPREFERERS)); }


in admin.php?op=security&referers add
.ru$

Note the dollar sign, if you omit that you'll be banning ab.rumor.com as well. In other words you might use regular expressions as well.

If you are happy with that, open a bug report and include my fixes .. you know getting old and its easy to forget things Laughing

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Cool. I've updated the code and removed the old blaa.ru entries and replaced them with one single .ru$ entry. Now we see if they stay out of my referrers table!

Thanks. If all is well in a couple of days I'll bung it all in a bug report.

Please enter your server specs in your user profile! 😢


This works fine and I've raise a bug report. Thanks again.

Please enter your server specs in your user profile! 😢


This isn't blocking all urls from the domain. I've added

.ru$

to the list but urls in the format

http://blaa.ru

are not being excluded.

Please enter your server specs in your user profile! 😢


As I previously suggested you may use regular expressions that start matching from .ru

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


I'm not sure I follow. I want to remove any and all url's that end in .ru, thus

^.*/.ru$

Should do it. Is this what I am supposed to add?

I'd assumed that this would by default match any combination of characters before the dot already, but it seems that it must be a more complex matching as it still allows domains without a sub domain while removing all others.

Please enter your server specs in your user profile! 😢


something like.ru($|\/)

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS


Sorry Nano but this doesn't seem to work. Domains without a sub domain always seen to go through.

Please enter your server specs in your user profile! 😢

All times are UTC


Jump to: