-1

My website got spoofed, and I don’t want other domains to get my site info/data through http requests anymore.

How can I deny all request that came from outside my website?

Thanks!

content01
  • 3,115
  • 6
  • 41
  • 61
  • 1
    What do you mean outside my website. Please explain in detail if you want best answer! – Satish Feb 04 '13 at 14:40
  • Did you try IPtable? see http://serverfault.com/questions/199421/how-to-prevent-ip-spoofing-within-iptables – Satish Feb 04 '13 at 14:47

1 Answers1

1

From the question, I could guess you want to avoid hotlinking of your resources. In this case, you can add following files to your .htaccess file.

RewriteEngine on  
RewriteCond %{HTTP_REFERER} !^$  
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain.com [NC]  
RewriteRule \.(jpg|jpeg|png|gif)$ http://yourdomain.com/showerror.gif [NC,R,L]

The above code will redirect the users, who are not coming from yourdomain.com to some random page or resource to show the message. In this case showerror.gif.

The above code will also check for blank referer and allow them, thus not blocking legitimate users browsing behind proxies/firewalls.

The file extensions in braces can be changed with | separating them.

Another scenario can be forms, where you want users to post data from your website's form and not hotlink it from anywhere else. In this case, you may utilize csrf token as a hidden field in your form. Check this token against a stored session token and regenerate it on every request to keep it fresh.

Hope this helps.

Ehs4n
  • 762
  • 1
  • 8
  • 24
  • Didn't saw your edit. You are probably looking for http://stackoverflow.com/questions/3518914/prevent-automated-tools-from-accessing-the-website – Ehs4n Feb 04 '13 at 15:01