In the article, we explain how to use .htaccess to deny site access to a wide range of proxy servers. The procedure works great, but some readers want to know how to allow access to specific proxy servers while denying access to as many other proxies as possible.
We may allow any requests coming from our whitelist of proxy servers by testing Apache’s HTTP_REFERER variable, like so:
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-01.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-02.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-03.domain.tld(.*)
Notice the pattern here. Each line matches against the specified proxy server in the referrer variable. Once integrated into the original method, each of the three specified URIs will be allowed access to your site. Thus, by editing these directives to match the name and number of your whitelisted proxy servers, you can allow access to any list of proxies or other referrers while blocking many of the others.
To integrate your customized whitelist RewriteCond directives with the original proxy-block method, simply place them near the end of the existing conditions, directly above the RewriteRule, like so:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:XROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$ [OR]
RewriteCond %{HTTP:FORWARDED-FOR} !^$ [OR]
RewriteCond %{HTTP:X-FORWARDED} !^$
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-01.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-02.domain.tld(.*)
RewriteCond %{HTTP_REFERER} !(.*)allowed-proxy-03.domain.tld(.*)
RewriteRule ^(.*)$ - [F]
</IfModule>
Place this code in your server’s httpd.conf file or the .htaccess file of your choice (generally the root .htaccess file). Note that not all proxies reveal the information targeted in these directives, but many of them continue to do so. Thus, with this code in place, you will enjoy protection against unwanted proxies while allowing open access to the proxy servers or other referring domains of your choice.
The [OR] flags appended to the first eleven of the RewriteConditions cumulatively tell Apache something to the effect of “if any of these variables contain any value whatsoever, then invoke the specified RewriteRule”.
We also want to allow our choice of specific proxy servers. So, by appending the previously discussed whitelist directives to the list of RewriteCond directives, the complete logic becomes:
If the client is being sent via this proxy method OR this proxy method OR this proxy method OR this proxy method OR … this proxy method, AND the referrer is not allowed-proxy-01 AND the referrer is not allowed-proxy-02 AND the referrer is not allowed-proxy-03, then invoke the specified RewriteRule.
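The condition logic described above, modelled in Python so the rule set can be checked against sample requests before deployment. This is an added example, not code from the original article; the function names and the sample requests are constructed for illustration.

```python
import re

# Header names tested by the page's twelve "%{HTTP:name} !^$" conditions.
PROXY_HEADERS = [
    "VIA", "FORWARDED", "USERAGENT_VIA", "X_FORWARDED_FOR", "PROXY_CONNECTION",
    "XPROXY_CONNECTION", "HTTP_PC_REMOTE_ADDR", "XROXY_CONNECTION",
    "X-FORWARDED-FOR", "HTTP_CLIENT_IP", "FORWARDED-FOR", "X-FORWARDED",
]
# Whitelist patterns exactly as written on the page (unanchored, dots unescaped).
WHITELIST = [
    r"(.*)allowed-proxy-01.domain.tld(.*)",
    r"(.*)allowed-proxy-02.domain.tld(.*)",
    r"(.*)allowed-proxy-03.domain.tld(.*)",
]


def is_forbidden(headers):
    """Return True when the rule set would answer 403 for these request headers."""
    # Header lookups are case-insensitive, so normalise the names first.
    h = {k.upper(): v for k, v in headers.items()}
    # OR group: any listed header is present with a non-empty value ("!^$").
    proxied = any(h.get(name, "") != "" for name in PROXY_HEADERS)
    # AND group: every "!pattern" condition must hold, i.e. no pattern matches.
    referer = h.get("REFERER", "")
    whitelisted = any(re.search(p, referer) for p in WHITELIST)
    return proxied and not whitelisted


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "direct visitor": {"User-Agent": "Mozilla/5.0"},
    "unlisted proxy": {"Via": "1.1 cache.example"},
    "whitelisted referrer": {"Via": "1.1 cache.example",
                             "Referer": "http://allowed-proxy-02.domain.tld/page"},
    "name in query string": {"X-Forwarded-For": "203.0.113.7",
                             "Referer": "http://other.example/?r=allowed-proxy-01.domain.tld"},
}


def evaluate_samples():
    """Map each sample label to True (403) or False (allowed)."""
    return {label: is_forbidden(h) for label, h in SAMPLES.items()}


if __name__ == "__main__":
    for label, blocked in evaluate_samples().items():
        print(f"{label:22} {'403' if blocked else 'allowed'}")
```

The last sample is allowed because the patterns are unanchored substring matches on a header the client supplies, so the whitelist works as a convenience filter and should not be relied on as an access control.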