
Topic: 0.01 BTC for the first resolve this problem (Read 607 times)

full member
Activity: 350
Merit: 105
October 11, 2017, 03:13:32 PM
#8
SetEnvIf CF-Connecting-IP "127.0.0.1" AllowIP
SetEnvIf CF-Connecting-IP "127.0.0.2" AllowIP
order deny,allow
deny from all
allow from env=AllowIP
hero member
Activity: 696
Merit: 500
October 11, 2017, 08:46:35 AM
#7
Still looking for a solution, please.
newbie
Activity: 49
Merit: 0
October 03, 2017, 07:53:08 PM
#6

I'm running a 123flashchat version on my server and everything works fine.

Users can visit our chat via http://example.com or via direct SWF (Flash app) like http://example.com/123flashchat.swf
using random port 51127.

For security reasons we need to deny some users from accessing our chat via this link :

127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

That means some users can access our chat without visiting our website; all they do is install 123flashchat on their home PC and log in to our chat with the 127.0.0.1 link shown above.

Question :


    How to block 127.0.0.1 requests? (force all users to log in via http://example.com).

Or else

    How to block incoming requests from referrer? :
    127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

What I've tried...

    Editing Flash policy file crossdomain.xml (Flash equivalent of CORS policy).

    Tried editing .htaccess.

    Tried everything but can't stop them from spamming into our chat.


The first one who can resolve this will be paid 0.01 BTC after it is successfully resolved on our VPS.
My VPS is Linux CentOS + WHM/cPanel.


Since you have a VPS, this can be done pretty easily by editing/creating a VirtualHost File.

Code: (Replace example.com with your domain name)

Quote


    Redirect permanent / http://www.example.com/


There's no need to edit .htaccess file.

Here is a link that might help you in this process: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-centos-7
You can PM me if you have any questions.

hero member
Activity: 696
Merit: 500
October 03, 2017, 05:00:00 PM
#5
Maybe this solution?

# block visitors referred from indicated domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} baddomain01\.com [NC,OR]
RewriteCond %{HTTP_REFERER} baddomain02\.com [NC]
RewriteRule .* - [F]
Or even this solution

To ban an IP address from accessing your website, create a .htaccess file within your root directory (usually public_html or www) and add the following configuration in the file:

order allow,deny
deny from 127.0.0.1
allow from all

Actually, your server does not store cookies, due to which the server can't identify banned users.

To block multiple referrers, you can simply try one of the strings below:


RewriteEngine On
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example\.net [NC]
RewriteRule .* - [F]


or


SetEnvIfNoCase Referer "example\.com" bad_referer
SetEnvIfNoCase Referer "example\.net" bad_referer 

Order Allow,Deny
Allow from ALL
Deny from env=bad_referer



I tried it, but bad users still access my chat via
127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

This is my .htaccess file
Code:
order allow,deny
allow from all
deny from 127.0.0.1
deny from 93.X.X.X # <--- this is my Windows server, to test; this IP was blocked, yes, but the 127.0.0.1 was not blocked

RewriteEngine on
RewriteCond %{HTTP_REFERER} 127.0.0.1 [NC]
RewriteCond %{HTTP_REFERER} localhost [NC]
RewriteRule .* - [F]


# Redirect www to non-www first
  RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
  RewriteRule ^(.*) https://%1/$1 [R=301,NE,L]

  # Then redirect http to https (if necessary)
  RewriteCond %{HTTPS} off
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,L,R=301]

RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule .* ? [F,L]

# BEGIN Compress text files

 
    SetOutputFilter DEFLATE
 


# END Compress text files
# BEGIN Expire headers

  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType image/x-icon "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 216000 seconds"
  ExpiresByType application/javascript "access plus 216000 seconds"
  ExpiresByType application/x-javascript "access plus 216000 seconds"
  ExpiresByType text/html "access plus 600 seconds"
  ExpiresByType application/xhtml+xml "access plus 600 seconds"

# END Expire headers

# BEGIN Cache-Control Headers

 
    Header set Cache-Control "max-age=2592000, public"
 

 
    Header set Cache-Control "max-age=604800, public"
 

 
    Header set Cache-Control "max-age=216000, private"
 

 
    Header set Cache-Control "max-age=216000, private, must-revalidate"
 


# END Cache-Control Headers

# BEGIN Turn ETags Off

  Header unset ETag

FileETag None
# END Turn ETags Off

# BEGIN Remove Last-Modified Header

  Header unset Last-Modified

# END Remove Last-Modified Header


order allow,deny
allow from all
deny from 93.X.X.X #<--- when adding my Windows server IP here it's not blocked and I can log in to chat
deny from 127.0.0.1  #<--- not blocked, I can log in via the link


RewriteRule .*\.()$ - [F,NC]
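
Added example, not part of any post in this thread: the referrer and IP rules from the .htaccess above, written so that they match what was intended, with comments on what each rule can and cannot see. It assumes Apache with mod_rewrite and the Order/Allow/Deny directives available, that example.com is the embedding site as in the question, and that port 51127 is the chat server's own listener rather than Apache; the address 203.0.113.45 is a constructed sample.

```apache
# Added example; example.com and the ports are the placeholders used in the question.
# Comments sit on their own lines: Apache does not accept a trailing
# "# ..." after a directive such as "deny from".

RewriteEngine On

# 1) Blocklist as posted, corrected. Consecutive RewriteCond lines are ANDed
#    unless flagged [OR], so the posted pair only matched a Referer that
#    contained both "127.0.0.1" and "localhost". Dots are escaped and the
#    pattern is anchored to the host part of the URL.
RewriteCond %{HTTP_REFERER} ^https?://127\.0\.0\.1(:[0-9]+)?/ [OR]
RewriteCond %{HTTP_REFERER} ^https?://localhost(:[0-9]+)?/ [NC]
RewriteRule \.swf$ - [F,NC]

# 2) Allowlist variant (use 1 or 2; 2 already covers every case 1 blocks).
#    Serve .swf files only when the Referer is the site itself. This also
#    refuses requests with no Referer, including a browser opened directly
#    on http://example.com/123flashchat.swf.
#    The Referer header is chosen by the client, so this filters casual
#    hotlinking and is not access control.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
RewriteRule \.swf$ - [F,NC]

# 3) IP rules compare against the TCP peer address Apache sees. A remote user
#    who loads lite.swf from 127.0.0.1 on a home PC still reaches this server
#    from a public address, so "deny from 127.0.0.1" never matches them.
Order Allow,Deny
Allow from all
# Constructed sample address (TEST-NET-3) standing in for a real offender.
Deny from 203.0.113.45

# 4) None of the rules above is evaluated for a connection made straight to
#    the chat port (init_port=51127 in the question). Apache only sees HTTP
#    requests on its own listeners, so restricting that port belongs to the
#    chat server's own login checks or to the host firewall.
```
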
hero member
Activity: 924
Merit: 511
October 03, 2017, 01:55:25 PM
#4
Actually, your server does not store cookies, due to which the server can't identify banned users.

To block multiple referrers, you can simply try one of the strings below:


RewriteEngine On
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteCond %{HTTP_REFERER} example\.net [NC]
RewriteRule .* - [F]


or


SetEnvIfNoCase Referer "example\.com" bad_referer
SetEnvIfNoCase Referer "example\.net" bad_referer 

Order Allow,Deny
Allow from ALL
Deny from env=bad_referer
sr. member
Activity: 602
Merit: 263
October 03, 2017, 01:39:58 PM
#3
Or even this solution

To ban an IP address from accessing your website, create a .htaccess file within your root directory (usually public_html or www) and add the following configuration in the file:

order allow,deny
deny from 127.0.0.1
allow from all
sr. member
Activity: 602
Merit: 263
October 03, 2017, 01:38:43 PM
#2
Maybe this solution?

# block visitors referred from indicated domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} baddomain01\.com [NC,OR]
RewriteCond %{HTTP_REFERER} baddomain02\.com [NC]
RewriteRule .* - [F]
hero member
Activity: 696
Merit: 500
October 03, 2017, 01:24:45 PM
#1

I'm running a 123flashchat version on my server and everything works fine.

Users can visit our chat via http://example.com or via direct SWF (Flash app) like http://example.com/123flashchat.swf
using random port 51127.

For security reasons we need to deny some users from accessing our chat via this link :

127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

That means some users can access our chat without visiting our website; all they do is install 123flashchat on their home PC and log in to our chat with the 127.0.0.1 link shown above.

Question :


    How to block 127.0.0.1 requests? (force all users to log in via http://example.com).

Or else

    How to block incoming requests from referrer? :
    127.0.0.1:35555/lite.swf?init_host=example.com&init_port=51127

What I've tried...

    Editing Flash policy file crossdomain.xml (Flash equivalent of CORS policy).

    Tried editing .htaccess.

    Tried everything but can't stop them from spamming into our chat.


The first one who can resolve this will be paid 0.01 BTC after it is successfully resolved on our VPS.
My VPS is Linux CentOS + WHM/cPanel.