I'm trying to block access to my website depending on whether a visitor had visited the site through another website. The latter has been using up my traffic by using an iframe to display content through his site, masking my site's identity.
I have mod_env_if activated in apache2.
ErrorDocument 403 /error403.html
SetEnv noaccess=0
SetEnvIf Referer "^http://sitetoblock\.tk/" noaccess=1
SetEnvIf Referer "^http://www\.sitetoblock\.tk/" noaccess=1
<FilesMatch "\.(gif|png|jpe?g|php|html)$">
Order Allow,Deny
Deny from env=noaccess
</FilesMatch>
The problem is that this directive is blocking all traffic including direct visitors to the site. What am I doing wrong?
Best Answer
In your configuration, default access state is "Deny" because you have "Order Allow,Deny". Change the Order to "Deny, Allow" so you can explicitly deny access based on your referer check.