I'm trying to block access to my website depending on whether a visitor had visited the site through another website. The latter has been using up my traffic by using an iframe to display content through his site, masking my site's identity.
I have mod_env_if activated in apache2.
ErrorDocument 403 /error403.html
SetEnv noaccess=0
SetEnvIf Referer "^http://sitetoblock\.tk/" noaccess=1
SetEnvIf Referer "^http://www\.sitetoblock\.tk/" noaccess=1
<FilesMatch "\.(gif|png|jpe?g|php|html)$">
Order Allow,Deny
Deny from env=noaccess
</FilesMatch>
The problem is that this directive is blocking all traffic including direct visitors to the site. What am I doing wrong?
You need to escape out the dots in the urls, like:
In your configuration, default access state is "Deny" because you have "Order Allow,Deny". Change the Order to "Deny, Allow" so you can explicitly deny access based on your referer check.