Title: 0.01 BTC for the first resolve this problem
Post by: radhwane on October 03, 2017, 06:24:45 PM

I'm running a 123flashchat version on my server and everything works fine. Users can visit our chat via http://example.com or via direct SWF (Flash app) like http://example.com/123flashchat.swf using random port 51127.

For security reasons we need to deny some users from accessing our chat via this link:
127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

That means some users can access our chat without visiting our website; all they do is install 123flashchat on their home PC and log in to our chat with the 127.0.0.1 link shown above.

Question: How to block 127.0.0.1 requests? (force all users to log in via http://example.com).
Or else, how to block incoming requests from this referrer?
127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

What I've tried...
Editing the Flash policy file crossdomain.xml (Flash equivalent of CORS policy).
Tried editing .htaccess.
Tried everything but can't stop them from spamming into our chat.

The first one who can resolve this will be paid 0.01 BTC after it is successfully resolved on our VPS.
My VPS is Linux CentOS + WHM/cPanel.

Title: Re: 0.01 BTC for the first resolve this problem
Post by: Lipe490 on October 03, 2017, 06:38:43 PM

Maybe this solution?
# block visitors referred from indicated domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} baddomain01\.com [NC,OR]
RewriteCond %{HTTP_REFERER} baddomain02\.com [NC]
RewriteRule .* - [F]

Title: Re: 0.01 BTC for the first resolve this problem
Post by: Lipe490 on October 03, 2017, 06:39:58 PM

Or even this solution
To ban an IP address from accessing your website, create a .htaccess file within your root directory (usually public_html or www) and add the following configuration in the file:

order allow,deny
deny from 127.0.0.1
allow from all

Title: Re: 0.01 BTC for the first resolve this problem
Post by: h0lybyte on October 03, 2017, 06:55:25 PM

Actually your server does not store cookies, due to which the server can't identify banned users.
To block multiple referrers, you can simply try one of the strings below:

RewriteEngine On
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example\.net [NC]
RewriteRule .* - [F]

or

SetEnvIfNoCase Referer "example\.com" bad_referer
SetEnvIfNoCase Referer "example\.net" bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer

Title: Re: 0.01 BTC for the first resolve this problem
Post by: radhwane on October 03, 2017, 10:00:00 PM

> Maybe this solution?
> # block visitors referred from indicated domains
> RewriteEngine on
> RewriteCond %{HTTP_REFERER} baddomain01\.com [NC,OR]
> RewriteCond %{HTTP_REFERER} baddomain02\.com [NC]
> RewriteRule .* - [F]

> Or even this solution
> To ban an IP address from accessing your website, create a .htaccess file within your root directory (usually public_html or www) and add the following configuration in the file:
> order allow,deny
> deny from 127.0.0.1
> allow from all

> Actually your server does not store cookies, due to which the server can't identify banned users.
> To block multiple referrers, you can simply try one of the strings below:
> RewriteEngine On
> RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
> RewriteCond %{HTTP_REFERER} example\.net [NC]
> RewriteRule .* - [F]
> or
> SetEnvIfNoCase Referer "example\.com" bad_referer
> SetEnvIfNoCase Referer "example\.net" bad_referer
> Order Allow,Deny
> Allow from ALL
> Deny from env=bad_referer

I tried it, but bad users still access my chat via 127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

This is my .htaccess file:
Code:
order allow,deny

Title: Re: 0.01 BTC for the first resolve this problem
Post by: Stroustrup on October 04, 2017, 12:53:08 AM

> I'm running a 123flashchat version on my server and everything works fine. Users can visit our chat via http://example.com or via direct SWF (Flash app) like http://example.com/123flashchat.swf using random port 51127.
> For security reasons we need to deny some users from accessing our chat via this link:
> 127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127
> That means some users can access our chat without visiting our website; all they do is install 123flashchat on their home PC and log in to our chat with the 127.0.0.1 link shown above.
> Question: How to block 127.0.0.1 requests? (force all users to log in via http://example.com).
> Or else, how to block incoming requests from this referrer?
> 127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127
> What I've tried...
> Editing the Flash policy file crossdomain.xml (Flash equivalent of CORS policy).
> Tried editing .htaccess.
> Tried everything but can't stop them from spamming into our chat.
> The first one who can resolve this will be paid 0.01 BTC after it is successfully resolved on our VPS.
> My VPS is Linux CentOS + WHM/cPanel.

Since you have a VPS, this can be done pretty easily by editing/creating a VirtualHost file.

Code: (Change example.com with your domain name)
Quote
<VirtualHost *:80>
    Redirect permanent / http://www.example.com/
</VirtualHost>

There's no need to edit the .htaccess file. Here is a link that might help you in this process: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7

You can PM me if you have any questions.

Title: Re: 0.01 BTC for the first resolve this problem
Post by: radhwane on October 11, 2017, 01:46:35 PM

Still looking for a solution, please.
Title: Re: 0.01 BTC for the first resolve this problem
Post by: hynext on October 11, 2017, 08:13:32 PM

SetEnvIf CF-Connecting-IP "127.0.0.1" AllowIP
SetEnvIf CF-Connecting-IP "127.0.0.2" AllowIP
order deny,allow
deny from all
allow from env=AllowIP
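
Added example (not posted by anyone in the thread): a small Python model of Apache's `Order`/`Allow`/`Deny` evaluation, run against constructed requests, to show which clients the three rule sets posted above would actually match. The client addresses, the Referer value, and the referrer pattern adapted to `127\.0\.0\.1` are assumptions; the model covers only HTTP requests that Apache itself serves, so a connection made straight to the chat port (init_port=51127) never reaches these rules if that port belongs to the chat server.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed requests; remote_addr is the TCP peer address Apache sees.
SITE_VISITOR = {"remote_addr": "203.0.113.10",
                "headers": {"Referer": "http://example.com/"}}
# A user running the SWF from 127.0.0.1:35555 on a home PC still connects
# from a public address. The Referer value here is an assumption.
LOCAL_SWF = {"remote_addr": "198.51.100.7",
             "headers": {"Referer": "http://127.0.0.1:35555/lite.swf"}}
LOCAL_SWF_NO_REFERER = {"remote_addr": "198.51.100.7", "headers": {}}
ON_SERVER = {"remote_addr": "127.0.0.1", "headers": {}}

def from_ip(cidr):
    net = ip_network(cidr)
    return lambda req: ip_address(req["remote_addr"]) in net

def from_all(req):
    return True

def from_env(header, pattern):
    # Models "SetEnvIf <header> <regex> VAR" followed by "from env=VAR".
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda req: bool(rx.search(req["headers"].get(header, "")))

def allowed(order, allow, deny, req):
    a = any(m(req) for m in allow)
    d = any(m(req) for m in deny)
    if order == "allow,deny":   # default deny; a matching Deny wins
        return a and not d
    if order == "deny,allow":   # default allow; a matching Allow wins
        return a or not d
    raise ValueError(f"unknown Order: {order}")

# (Order, Allow matchers, Deny matchers) for the three rule sets in the thread.
RULESETS = {
    "deny_ip": ("allow,deny", [from_all], [from_ip("127.0.0.1")]),
    "deny_referer": ("allow,deny", [from_all],
                     [from_env("Referer", r"127\.0\.0\.1")]),  # pattern adapted
    "allow_cf_ip": ("deny,allow",
                    [from_env("CF-Connecting-IP", "127.0.0.1|127.0.0.2")],
                    [from_all]),
}

def evaluate(req):
    return {name: allowed(order, allow, deny, req)
            for name, (order, allow, deny) in RULESETS.items()}
```

In this model `deny from 127.0.0.1` rejects only requests made on the server itself, the Referer rule depends entirely on a header the client chooses to send, and the `CF-Connecting-IP` rule rejects the ordinary site visitor as well.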