Block Domains & Subdomains Using .htaccess

By  on  

A large focus of my redesign was improving site speed, and in doing so, I took a look at my site's error_log for the first time in a long time.  I was shocked when I found out that 90% of my site errors were either hacking attempts or hot-linked files from hundreds of different tumblr.com subdomains.  Thousands upon thousands of PHP fatal errors due to lack of memory saw me seeing red pretty quick -- no wonder I was having periodical speed issues!  Luckily this bit of .htaccess code allows me block all of those sites:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*tumblr\.com [NC]
RewriteRule .* - [F]
</IfModule>

These days I only see PHP notices in my error_log, and that makes me a very happy man.  I've also noticed less SPAM commenting, so maybe Tumblr is used a SPAM hub too?  Either way, blocking domains and subdomains did the trick for me!

Recent Features

  • By
    Create a CSS Flipping Animation

    CSS animations are a lot of fun; the beauty of them is that through many simple properties, you can create anything from an elegant fade in to a WTF-Pixar-would-be-proud effect. One CSS effect somewhere in between is the CSS flip effect, whereby there's...

  • By
    CSS Animations Between Media Queries

    CSS animations are right up there with sliced bread. CSS animations are efficient because they can be hardware accelerated, they require no JavaScript overhead, and they are composed of very little CSS code. Quite often we add CSS transforms to elements via CSS during...

Incredible Demos

  • By
    MooTools Equal Heights Plugin:  Equalizer

    Keeping equal heights between elements within the same container can be hugely important for the sake of a pretty page. Unfortunately sometimes keeping columns the same height can't be done with CSS -- you need a little help from your JavaScript friends. Well...now you're...

  • By
    CSS :target

    One interesting CSS pseudo selector is :target.  The target pseudo selector provides styling capabilities for an element whose ID matches the window location's hash.  Let's have a quick look at how the CSS target pseudo selector works! The HTML Assume there are any number of HTML elements with...

Discussion

  1. There are 2 issues with your solution:
    1) If a legit person linked to your blog from their Tumblr blog, people would see a Forbidden message. This is because you have your images under the same domain as the blog. Keeping them on the sub-domain would save your visitors from this.
    2) Security – probably a minor issue, but when you get a Forbidden message from Apache, you also get a path to the content you were forbidden to access. And since you are using WordPress with caching, the message looks as follows:

    Forbidden

    You don't have permission to access /wp-content/w3tc/pgcache//block-domain/_index_search_engines.html_gzip on this server.

    Apache/2.2.3 (CentOS) Server at davidwalsh.name Port 80

    • Thanks for sharing Shimon. Per your points:

      1. If it’s only specific subdomains hurting you, listing them one by one would be best, I agree. In my case, I don’t care if legit Tumblr sites are linking to me. :)

      2. I’ll look into the Forbidden issue — thanks!

  2. Korri

    Wow. blocking anyone comming from tumblr seems pretty extreme to me, you could at least add a RewriteCond to block only static content.

  3. Bob

    Seems like a lot of work, when this doesn’t even require mod_rewrite:

    deny from .tumbler.com

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!