Trying to block direct access to a drupal URL

[Richard Grevers]

[Resolved] Trying to block direct access to a drupal URL

I have a problem with one URL on my server getting 250,000+ hits a month from spambots trying to register for the site. Although we are using a Drupal 7 module to detect and ignore those bots, that still results in the site serving two full pages to each one, which is exceeding our International Traffic Quota and costing $$
I've put

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?permaculture\org\nz/ [NC]
RewriteRule ^user/register - [L,F]

in the domain's vhost.conf and run the updater, but direct requests or links from other sites are still working. I'm trying to figure whether that's a Plesk problem, a Drupal problem or some combination.

(Plesk Panel 10.4.4. on CentOS/Apache)

 

[Faris Raouf]

you seem to be missing a . before the org and the nz.

Also this doesn't belong in vhost.conf, it belongs in an .htaccess - maybe that's the problem?

 

[Richard Grevers]

Hi,
I forgot I had posted about this in this forum as well.

you seem to be missing a . before the org and the nz.

Also this doesn't belong in vhost.conf, it belongs in an .htaccess - maybe that's the problem?

Yes, I spotted the dot problem - and then once I realised the directory didn't exist I moved it to the Virtual URL rewriting block in the .htaccess

In the end the attacks turned out to be more widespread, and we've put the site on Cloudflare.