.htaccess : blocking proxy

.htaccessapache-2.2PROXY

so there is this guy spamming my phpBB2 forum since he's banned. He keeps coming back with proxies, and I would like to block them using my htaccess. My forum is located at http://www.site.com/forum/ I put a .htaccess file in /forum/, which contains the following, as found somewhere on the net:

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]

I heard this is pretty accurate. So I tried, and the web proxy was unable to reach the page. But it worked like 5 minutes, and now it's not blocking anything… I tried different proxies, web based or not, and nothing was blocked… I'm wondering if I did anything wrong, the htaccess looks correct to me !

If you guys have an idea, that would be awesome. I always find my answers on Stackoverflow, so I thought I should ask here 😛

Cheers

Best Answer

I hope you understand that IF you will make your proxy-blocking rules work this will forbid not only the spammer but all the users using proxies.

You can try logging X-Forwarded-For header (e.g. if you are using apache, add "%{X-Forwarded-For}i" to logformat) . This should give you real visitor ips in access log unless the spammer is using anonymous proxies. Then match the timestamp of his post against http access log (use a few seconds time window) and you should get his real ip. It may just work.

if the spammer is using anon proxies you may need to moderate your posts. You should do it anyway. Accept automatically posts from well known users and moderate the posts of new/untrusted users. I don't know phpbb but it probably supports moderation.

EDIT__

If you really want to block (bad) proxies try using mod_spamhaus , it should block the ips reported for spamming and open proxies. See spamhaus website to get an idea on what ips are being reported. I can't think of any mod_rewrite rules that could block anonymous proxies (I keep thinking about it)

Related Topic