blocking spam referer domain with web.config - web-config

I'm trying to block spam referer domains with web.config. I have it (mostly) working.
Here's the code I'm using:
<rule name="abort referer spam requests" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_REFERER}" pattern="(semalt\.com|Darodar\.com|Priceg\.com|7makemoneyonline\.com|Buttons\-for\-website\.com|Ilovevitaly\.com|Blackhatworth\.com|Econom\.co|Iskalko\.ru|Lomb\.co|Lombia\.co|hulfingtonpost\.com|cenoval\.ru|bestwebsitesawards\.com|o\-o\-6\-o\-o\.com|humanorightswatch\.org|forum20\.smailik\.org|myftpupload\.com|prodvigator\.ua|best\-seo\-solution\.com|Buttons\-for\-your\-website\.com|Buy\-cheap\-online\.info|offers\.bycontext\.com|website\-errors\-scanner\.com|webmaster\-traffic\.com|guardlink\.org|www\.event\-tracking\.com|trafficmonetize\.org|traffic\-paradise\.org|simple\-share\-buttons\.com|sharebutton\.org|s\.click\.aliexpress\.com|social\-buttons\.com|site12\.social\-buttons\.com|anticrawler\.org|adcash\.com|adviceforum\.info|cenokos\.ru|cityadspix\.com|edakgfvwql\.ru|gobongo\.info|kambasoft\.com|luxup\.ru|4webmasters\.org|get\-free\-traffic\-now\.com|Best\-seo\-offer\.com|Theguardlan\.com|www1\.social\-buttons\.com|netvibes\.com|webcrawler\.com|www\.get\-free\-traffic\-now\.com|sanjosestartups\.com|100dollars\-seo\.com|resellerclub\.com|savetubevideo\.com|screentoolkit\.com|seoexperimenty\.ru|slftsdybbg\.ru|socialseet\.ru|superiends\.org|vodkoved\.ru|websocial\.me|ykecwqlixx\.ru|76brighton\.co\.uk|paparazzistudios\.com\.au|powitania\.pl|sharebutton\.net|tasteidea\.com|descargar\-musica\-gratis\.net|torontoplumbinggroup\.com|cyprusbuyproperties\.com|ranksonic\.org|Googlsucks\.com|free\-share\-buttons\.com|securesuite\.co\.uk|securesuite\.net|www3\.free\-social\-buttons\.com|free\-social\-buttons\.com|sitevaluation\.org|howtostopreferralspam\.eu|symbaloo\.com|acads\.net|addons\.mozilla\.org\/en\-US\/firefox\/addon\/ilovevitaly\/|aliexpress\.com|anal\-acrobats\.hol\.es|brakehawk\.com|domination\.ml|event\-tracking\.com|forum69\.info|ilovevitaly\.co|ilovevitaly\.ru|iminent\.com|kabbalah\-red\-bracelets\.com|makemoneyonline\.com|masterseek\.com|o\-o\-6\-o\-o\.ru|o\-o\-8\-o\-o\.ru|ok\.ru|pornhub\-forum\.ga|pornhub\-forum\.uni\.me|prlog\.ru|ranksonic\.info|rapidgator\-porn\.ga|sexyteens\.hol\.es|smailik\.org|youporn\-forum\.ga|youporn\-forum\.uni\.me|.*monetiz.*|semaltmedia\.com)" />
</conditions>
<action type="AbortRequest" />
</rule>
It is blocking all the domains except webmonetizer.net.
my question:
How is webmonetizer.net getting through? In the code above I've included
.*monetiz.*
I've tested this in fiddler too, and it's being blocked. It gets a 504 response when I test my site (www.myirelandtour.com), so I thought that would have stopped it?
User-Agent: Fiddler
Referer: webmonetizer.net
Host: www.myirelandtour.com
I'm still seeing webmonetizer.net as a referer in my google analytics, any ideas why or how to stop that? Thanks!

Most of the spammers in Google Analytics never access your site so any server solution like web.config or the htaccess file won't work
This type of spam is known as Ghost because it never reaches your site, the only way to stop it is by using filters in GA.
You may get confused and think the web.config rules block it because Ghost spam usually shows only for a few days. Sometimes it comes back sometimes it doesn't.
The other type of spam "Crawlers" can be blocked from there, but there are just a few of them compared to the Ghosts, from your list only semalt, buttons-for-website and few more.
You can find a guide to create the filters and more information on this related answers
https://stackoverflow.com/a/28354319/3197362
https://webmasters.stackexchange.com/a/80927/49561
Hope it helps,

I use the following code in my web.config (well I imported my .htaccess file into a Windows server, and it converted it to this):
<rule name="Imported Rule 1">
<match url=".*" ignoreCase="false" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_REFERER}" pattern="^http://.*semalt\.com" />
<add input="{HTTP_REFERER}" pattern="^http://.*buttons-for-website\.com" />
<add input="{HTTP_REFERER}" pattern="^http://.*7makemoneyonline\.com" />
<add input="{HTTP_REFERER}" pattern="^http://.*webmonetizer\.net" />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="Forbidden" />
</rule>
I did this in January, and the referers still don't show up in Google Analytics.

Related

IIS 10 URL redirect from one domain to another

I would like to redirect a specific site from one domain to another and i have tried the following URL redirect. Not sure where i am going wrong.
I have an app at http://www.a.b.com/myapp/index.aspx
I would like to redirect it to
http://www.a.c.com/myapp/index.aspx
<rule name="testredirect" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^myapp/index.aspx$" />
<action type="Redirect" url="http://www.a.c.com/{R:0}" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www.a.b.com$" />
</conditions>
</rule>
The rule work perfectly on my side. Please try to clean browser cache and post your detailed error message. Please ensure you are running the rule in the right place and has been enabled.
Besides, please check whether the incoming request is reaching the correct application pool.

Need to get a site redirecting both to www and https

Parts of other answers on Stack Overflow worked, other parts didn't, so I thought I would ask for the full solution including IIS settings re bindings.
I have a site (old ASP classic) that is being moved to IIS 8 (2012).
The site works when testing it from my hosts file.
At the moment I can only get it to redirect http to https not non www requests to www.example.com as well.
So I have 2 bindings in IIS (80/433) for www.example.com, I also tried it with another set without the www. e.g example.com but then I got errors such as the system is trying to process your request in such a way it won't return e.g following redirects around in a circle etc.
I am not so sure if that was about the 2 lots of bindings or the rules it was getting a bit messy then. So I need the whole approach from IIS binding setup and web.config rules (or is there a better way in IIS 8 to force all 80 traffic to port 443?)
I already have a number of ISAPI rules in my web.config file such as
<rule name="Order" stopProcessing="false">
<match url="^applications/order/?$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="plugins/order.asp" />
</rule>
<rule name="Robots 1" stopProcessing="false">
<match url="^robotstxt\.asp$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="robottxt.asp" />
</rule>
<rule name="Robots 2" stopProcessing="false">
<match url="^robotstxt$" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="robottxt.asp" />
</rule>
So when I read up I saw about people trying to to do both rules at once or in two sets but it just never managed to work foe me.
I need non http requests to go to https
and for non www requests to go to www.example.com e.g https://www.example.com
At the moment it's partially working but only because I am not trying the non www. redirects.
I have 2 bindings for the www.example.com hostnames and this one rule at the top.
<rule name="Redirect to HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{HTTPS}" pattern="^OFF$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
</rule>
So all the rules are working including the http to https. However I need non www rules to work as well.
To get it to keep the rest of my rules AND to get it to ALSO redirect non www. traffic to www.example.com e.g https://www.example.com. What is the best way to do this.
Do I need another pair of bindings set up without www. e.s example.com for 80/443?
Then, what rules do I add in and what order do they need to be as int .htacces they are processed top to bottom in loops an I just wonder with IIS way there is also a logical path that could trip it over causing infinite loops.
I think adding the include is what I would do if you needed to get on top of this very quickly. Use a search and replace program to add the include tag into all of your pages:
<!--#include file="redirect.asp"-->
Then create the "redirect.asp" with something similar to below:
<%
webDomain=LCase(Request.ServerVariables("HTTP_HOST"))
scriptname=Request.ServerVariables("SCRIPT_NAME")
If InStr(webDomain,"https://www.example.com")=0 Then
Response.Status="301 Moved Permanently"
Response.AddHeader "Location", "https://www.example.com" & scriptname
End If
%>
You may need to tweak that a bit but its the basics of a coded redirect anyway.

Creating a IIS Url Rewrite/Redirect

Im struggling to get a url rewrite/redirect to work in IIS. I've installed the url rewrite module and all the rules fail to do anything. Here is the scenario, we want all web requests which generate a report to be pushed off to a secondary server so it doesn't harm the main box. The web requests that generate reports look something like this:
http://mywebaddress/api/Actionname=GenerateReport&param=123
So im wanting to do some type of regex check on finding any web requests that have "GenerateReport" in it and redirect it to something like:
http://mywebaddressofsecondserver/api/Actionname=GenerateReport&param=123
Any ideas on how the redirect/rewrite would go for this?
You need to check if REQUEST_URI contains Actionname=GenerateReport.
If so, you'll redirect it to other webserver url equivalent.
Translated to an IIS rewrite rule, it would look like this
<rule name="Delegate report generation" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{REQUEST_URI}" pattern="Actionname=GenerateReport" />
</conditions>
<action type="Redirect" url="http://mywebaddressofsecondserver/{R:1}" />
</rule>
Thanks, Justin Iurman,
Your answer solved my issue of getting methods
http://mywebaddress/api/Param/Action1
http://localserverwithport/api/Param/Action1
but for below Post methods it's still giving 404 not found
http://mywebaddress/api/Param/PostAction2
http://localserverwithport/api/Param/PostAction2
Post parameters are:
{"Param1":"James","Param2":"jani"}
My implementation is
'<system.webServer>
<rewrite>
<rules>
<rule name="Rewrite Rule1" >
<match url="^(.*)" />
<action type="Redirect" url="http://localserverwithport/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>'

301 Redirect one domain to another using web.config

I have multiple domains pointing to one hosting location.
I wish to establish one of the domains as my main domain and therefore I wish to perform a 301 redirect to this main domain whenever a user accesses my site from a secondary domain.
For example:
www.example.com
This is my main domain. I want all other domains associated with my site to redirect to here.
If a user comes in on:
www.test.com or
www.test.com/anypage
etc.
Then I want the user to be redirected to the example version of that page.
How do I do this using the web.Config file of my application? The reason I ask is that usually my web hosting provider has a tool in their back office that allows me to setup this redirect however, our client has opted for a different hosting provider that do not provide such a tool.
I have attempted to do this redirect using the following code but it doesn't seem to work:
<rule name="Canonical Host Name" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^test\.com$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}}" redirectType="Permanent" />
</rule>
My application is an Umbraco powered site and so has several system.webServer entries in the web.config file. It may just be the case that I have entered this code in the wrong place but any help here would be greatly appreciated as I am only used to doing 301 redirects in .htaccess files.
This is not really that umbraco related but I think what you want to do is this:
<rewrite>
<rules>
<rule name="redirect" enabled="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" negate="true" pattern="^www\.example\.com$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
Match all urls unless the host name part is exactly www.example.com - and redirect those to www.example.com/whatever.

url rewrite/redirect on iis7 redirect to mobile site

I have made all of my mobile folder/pages structure like the desktop version.
I need to make sure all the requests from mobile devices will be re-directed to a mobile domain.
what I would like to do is if a URL is opened from a mobile device like this: http://www.example.com/test/test.asp will be redirected to http://m.example.com/test/test.asp
this question might be asked before but I need to make sure it works.
Thanks very much
I had the same problem and solve it.
<rule name="Mobile Redirect" stopProcessing="true">
<match url="(.*)" ignoreCase="true" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{HTTP_USER_AGENT}" pattern="midp|mobil|phone" />
<add input="{HTTP_X-Device-User-Agent}" pattern="midp|mobil|phone" />
<add input="{HTTP_X-OperaMini-Phone-UA}" pattern="midp|mobil|phone" />
</conditions>
<action type="Redirect" url="http://m.yoursite.com/{R:1}" appendQueryString="true" />
</rule>
Take a look here:
http://forums.iis.net/t/1169853.aspx
This amends your web config to redirect -- not sure if it can be used on the page level, but it might be a good start.