Re: [cobalt-users] securing your website

[spamcatcher <spamcatcher@xxxxxxxxx>]

Try blocking access based on the name of the browsers. Some popular 
rippers I've noticed in the logs are "SiteSnagger", "WebStripper", and 
"MSIECrawler." The browser will get a nice "access denied" message from 
Apache when they try to hit your site. You can also add a customer script 
to handle the error and explain to them why they can't access your site. 
Or you can be evil and just sit back and enjoy the show as the loser 
access your server with a regular browser, then with the ripper, then the 
regular browser, then the ripper and try to figure out why their browser 
works but not the ripper.

You can try adding the following in your access.conf file:

BrowserMatch browsername some_var

and then in the <Directory /path/to/your/site> block of the same file, 
add:
deny from env=some_var

for example, you'll need to add the following to your access.conf if 
MSIECrawler and WebStripper are the rippers and you want to protect your 
main server directory:

BrowserMatch MSIECrawler blocked
BrowserMatch WebStripper blocked

look for the following:
<Directory /home/sites/home/>

and add this line between the <Driectory...> </Directory> tags:
deny from env=blocked

now go and restart Apache.

>Asif Bashir wrote:
>> 
>> What is the best method to protect your website from utilities such as
>> offline explorer, which allow users to download your website for off-line
>> browsing?
> 
>Pull out the Ethernet cable.
>
>I believe there are some evil Javascript hacks out there that mess up 
>*most* browsers' attempts to save files to disk.
>
>But fundamentally either your webserver responds to GET requests or
>it doesn't.  If it doesn't, you don't have a website.  If it does, I
>can hoover off your website and view it off-line.
>
>_______________________________________________
>cobalt-users mailing list
>cobalt-users@xxxxxxxxxxxxxxx
>To Subscribe or Unsubscribe, please go to:
>http://list.cobalt.com/mailman/listinfo/cobalt-users
>