|
|
Can I selectively block people from visiting my Web site?Dave, we've got a problem. I help run a Web site and we're finding that there's one troll out there (yes, I read your article on trolls a few days ago!) who keeps showing up and posting inflammatory comments, really ruining the guest book for everyone else. Is there a way to selective block one person without just tossing the whole guestbook out? Sorry to hear about your problems, but it doesn't entirely surprise me. For all that we as a society talk about free speech and the right to disagree, it only seems to extend in one direction: "You need to listen to me and you can't shut me up." For you to be able to accomplish what you want -- a tactic I endorse, by the way, and do not see as censorship in other than the most general way -- you're going to find that the solution varies based on what kind of Web server you have running. A good first step, therefore, is to ask your Web hosting provider what kind of server they run. A good answer is Apache, because it's flexible and easily tweaked to accomplish this task. If you have something else, like Microsoft's Internet Information Server (aka "IIS"), you'll need their help setting this up, because the solution I'm offering is Apache-specific. If you are running Apache, then go into the directory that contains the guest book (or that contains the CGI script itself, for that matter) and, in a file called .htaccess, add the following: <Directory /what/ever> Order Allow,Deny Allow from all Deny from 10.1.2.3 </Directory> Switch "/what/ever" to match the directory name. That should do it. If that doesn't work, you can also drop this block into your httpd.conf file, if you're comfortable editing that file. Once it's installed, you'll want to change the 10.1.2.3 to the IP address of the offending party (look in your log files for that information). Hope this helps you solve the problem. Good luck. My thanks to Omar W. Hannet for his help with this entry. Please pop over to the Apache Web site for more details on mod_access
Related HTML, JavaScript and Web Site Programming articles:
✔ How to Create Predefined Google Image Search Links?
Thanks for the Amazon URL [see Creating Amazon Search Links]. That worked beautifully. In fact, I sent you $5.00 for coffee in thanks....
✔ Can I embed a Facebook search box on my blog site?I've seen your articles about how to add a Twitter or Google search box on a Web page, but I have a tougher...
✔ Can I use CSS for drop shadows on my blog?I want to give my site a bit of a facelift and add some neat graphical elements. One of which is drop shadows....
✔ How can I embed interactive photo panoramas on my site/blog?I read through your blog entry about how to take panoramic photos with iOS 6 and an iPhone 5 and got enthused. I've...
✔ How can I create a Twitter search URL shortcut?I'd like to add a few Twitter search links to my Web site. Is that possible, or does Twitter prohibit this sort of...
Let's stay in touch!
Sign up for my weekly AskDaveTaylor Newsletter and you'll receive even more tech and gadget help
right to your inbox, along with exclusive news and industry updates. It's good stuff. I promise!
Categorized:
HTML, JavaScript and Web Site Programming
(Article 3879,
Written by Dave Taylor)
Tagged: Previous: What's a troll and a zombie? Next: Can I forward selected messages from my GMail Account? Reader Comments To Date: 21Dave Taylor said, on February 12, 2005 2:56 AM:
I agree. Do you have a suggestion as how you could tweak Apache to include those cases? Julio Poisot said, on February 22, 2005 5:31 PM:
You can use cookies to track the troll and deny access to your pages. This can be a little tricky, because you don't know in advance the new IP of the troll. One solution is to seek for words only the troll uses, and atach a special cookie to identify the computer the troll is using. Implementetion in PHP is probably the easiest way to do it. Julio Poisot said, on February 22, 2005 5:31 PM:
You can use cookies to track the troll and deny access to your pages. This can be a little tricky, because you don't know in advance the new IP of the troll. One solution is to seek for words only the troll uses, and atach a special cookie to identify the computer the troll is using. Implementing it in PHP is probably the easiest way to do it. kjteoh said, on May 15, 2005 7:53 AM:
get your cgi to look up a list of banned words! B said, on August 11, 2005 2:29 PM:
i can not on block her A Hsu said, on December 12, 2005 4:29 PM:
I use Typepad to blog, and I'd like to block specific users from accessing my blog. Since i"m not hosting on Apache, do you know of any way that I could block people from visiting? Thanks! Dave Taylor said, on December 12, 2005 4:41 PM:
I'm afraid you can't do that with Typepad. You can block specific people from adding comments (if you know their IP addresses) but you can't block people from *reading* your site. Sorry! Kamusi Project said, on February 4, 2006 10:03 AM:
Hi Dave, My problem is slightly different. When I look through my site's log, I see that I'm getting hundreds of hits from spam addresses in my "links from external addresses" list. I'm not sure whether the point of the spam hits is just to have webmasters check out their referrers and in that way generate traffic to their website, or whether (more likely) the idea is to have their sites show up in my log, in the hopes that the log is linked to the main site, so they can increase their Google rankings. In any case, I'm getting tired of manually listing all the offending URLs in my htaccess file. My question, therefore, is: does anyone publish a list of spam URLs that webmasters can add to their htaccess files? Or, even better, is there some service such as AdBlock that tracks the spammers and that you can somehow route your htaccess files to check? Any thoughts would be most welcome! BTW, here's my current .htaccess file Order Allow,Deny Don said, on February 7, 2006 8:46 AM:
Dave, Dave Taylor said, on February 7, 2006 1:52 PM:
Martin and Don, I'm afraid to say that at some level the spammers win this war because you'd have a prohibitively long list of domains to block and that still wouldn't work because spam tools can "spoof" or pretend to be from other domains entirely. :-( Further, open tools like guest books are just an invitation for trouble, I'm sorry to say, so unless you can change your guestbook system to leave entries as "unpublished" until you manually approve them, you're probably better off disabling the guest book entirely. Both of these answers are terrible and I greatly miss the free and open nature of the Internet as it was years ago and every entry to a guest book was a voice from the great unknown and highly anticipated. But as far as I can see, there's no going back. :-( Faith said, on May 11, 2006 7:43 AM:
// Block IP address script- By JavaScriptKit.com (http://www.javascriptkit.com) //Enter list of banned ips, each separated with a comma: var ip = '' var handleips=bannedips.join("|") if (ip.search(handleips)!=-1){ You will need to change the 23.23 and 11.11 of course. This works great for the most part, but if they have a changing ip address you will have to block a lot more. van casey said, on December 1, 2006 11:32 PM:
I recently Googled an old techie friend and discovered she now has a company, and she made her email address at her company's website public. So I sent her an email, and got no reply. A few days later, I found that when I tried to go to her website my browser said it didn't exist ("cannot find" etc). Before assuming the worst; i.e. that she selectively blocked me-- I was wondering, IS this what my browser would say in such a situation? Or would it instead be something like "access denied"? Hondo Hughes said, on December 5, 2006 8:32 AM:
I just read the posting from Van Casey on 12/1/06. I have a similar issue in that a site for the Club managers Association of America (www.cmaa.org)does not open when I click on it. I notified their techies and they said I needed to relax my security on my computer. I did that but to no avail. When I called a friend, he was able to access their site. So my question is WHAT TO DO? I cannot believe that a national organization would just seleectively block someone from accessing their site. Please help. Much appreciated. iced nyior said, on April 5, 2007 3:41 AM:
can i block a whole bunch of IPs by using the *? for example <Directory /what/ever> Nick said, on January 14, 2009 2:03 PM:
Hey, I am wondering if there is a way to block a specific user from accessing my blog due to troll related matters :( I am using a blogger site (www.blogname.blogspot.com). I am purchasing a .net domain in a few days for it though but i will still be on blogger. I dont wan to have to add readers because they come and go (in their thousands) so it would be a pain in the *** to have to allow them all just to stop one troll :( adrian hunter said, on October 23, 2009 7:39 PM:
i've been looking for a method to stop a chinese search engine that partially downloads my podcast files, thereby wasting my bandwidth. i've looked at DOZENS of sites that either tell me the format of .htaccess or offer tho generate one based on ip input, but even on this page the syntax is different on each!
order allow,deny and even
Raoul said, on February 9, 2010 10:53 AM:
Thanks for the tip! I'll use these against competitors researching our website. bruce said, on February 19, 2010 7:28 PM:
question i am looking for a program that when i am in a chat room i can block or remove someone from the room as we all know chat rooms have there share of jerks and some sites just dont care or they try but are not fully prepared or set up we have this one who is very very disrespectfull to everyone and i am trying to figure out how i can stop this abuse also help this site out as it is a great site can you help me if so please respond thank you Vking said, on January 14, 2011 5:22 PM:
Hello! JR said, on February 9, 2012 6:00 PM:
Hi Dave (big fan, even if newly so)- Today, I tried to visit the www site of my former employer, in order to show a new employee how our services differed. I was shocked to find out that not only did the site not load, but also that a message, stating: [403 Forbidden - You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.___Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rehl5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at http://websitenameundisclosed.com (please understand my desire for privacy here) Port80] was in place of the site content. After further investigation, "we" discovered that every IP address/Computer using my wireless network was subject to the same forbidden status, except for a brand new Nextbook tablet (that had never before today been connected to the network). ***As a side note: a Lenovo tablet that has previously accessed the same network received the same "forbidden" message as all other computers. From here, we began to reach out to others outside of this wireless network, in order to confirm or deny that such was or was not true of other non-associated-with-my-wireless-network IP Addresses/Computers in different parts of the city, country, etc. - all were able to access the site with NO PROBLEMS. While I agree with much of your advice regarding the foreboding of certain access to a site (especially in the case of someone intent on causing harm and/or havoc for a particular company through its url), something about this feels "odd" at best and potentially illegal (given censorship laws in the US). Is it really legal (I read your disclosure regarding your "advice" as concerns the legality of such matters and therefore know that you are only giving your non-legal opinion) to deny access to a universally accessible site to one or more IP addressed (or networks) that is otherwise accessible to all? And further, don't I have ample right to be concerned that ANY computer that has accessed the www via my wireless network has been somehow "tagged" and forbidden? It seems so very invasive and disconcerting - at best. I guess, at the end of the day, the above is my primary concern - that of some extremely concise and clear identification and manipulation of my particular wirelesss network & any IP addresses associated with it, regardless of whether they have even ever accessed the specific url in the past. I am glad that you are out there, appreciate your advice and generosity of energy and knowledge and so look forward to hearing from you. Thank you much.
I do have a comment, now that you mention it!Check This Out Too... |
Recent Entries
Look for Answers
Recommended
All Our Categories
Apple iPad Help
Articles and Reviews Auctions and Online Shopping Blogs and Blogging Building Web Site Traffic Business and Management Computer and Internet Basics d) None of the Above Facebook Help Google Gmail Help Google Plus Help HTML, JavaScript and Web Site Programming Industry News and Trade Shows iPhone and Cell Phone Help iPod, Sony PSP and MP3 Player Help Kindle Fire Help Mac OS X Help Pay Per Click (PPC) Advertising Pinterest Help Search Engine Optimization (SEO) Shell Script Programming Tech Support Video Help The Writing Business Twitter, LinkedIn and Social Network Help Unix and Linux Help Video Game Tips and Help Windows PC Help Find Me on Google+ ADT on G+ |
Dave, while your solution works for a fairly large number of cases, I see at least two flaws: it blocks EVERYONE from the entered IP address, and doesn't account for "shifting" / non-permanent IP users. (Apologies, all of my alternative solutions fall back upon inspecting user-entered identification fields, which aren't consistently supported by guestbook packages...)
ttfn - Mike / Pax ... Kihe