Blocking hostname if same as IP in .htaccess

Question

I've been noticing in my log files that sometimes the Hostname will be exactly the same as the Ip. I guessing that it's because there is no rDNS set. That being said, how can I block this in htaccess?

5/17/2014 01:44 PM | UA: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:29.0) Gecko/20100101 
Firefox/29.0 | IP: 50.58.251.66
HOST: 50.58.251.66 | REFERRER: (empty) | TOR: False | GET DATA: [] | POST DATA: []

My htaccess line.

RewriteCond %{REMOTE_HOST} ^%{REMOTE_ADDR} [NC,OR]

I've tested this and it does not seem to work. Seemed logical to me. Any thoughts?

Out of curiosity, _why_ would you want to block such requests? — CBroe, May 18 '14 at 05:24
I have an automated bad bot looking at my adwords listings and some of them are coming from bots that have this footprint — affiliatex, May 19 '14 at 16:11

anubhava · Answer 1 · 2014-05-21T05:43:21.313

0

You can use this rule to block these requests:

RewriteEngine On

RewriteCond %{REMOTE_HOST}::%{REMOTE_ADDR} ^(.+?)::\1$
RewriteRule ^ - [F]

edited May 21 '14 at 05:43

answered May 18 '14 at 04:47

anubhava

761,203
64
569
643

This seems to be catching ALL hosts that contain an IP address. – affiliatex May 20 '14 at 19:08
It does what your title says i.e. `Blocking hostname if same as IP in .htaccess`. If this is not what you want then clarify your question. – anubhava May 20 '14 at 19:51
My apologies, I thought I had clarified that in the contents. How can I block only if the Ip is the exact same as the hostname ( see log file above) – affiliatex May 20 '14 at 20:25
But every time you access your website by `http://xx.yy.zz.nn/` host_name is same as IP address. – anubhava May 20 '14 at 20:33
Not exactly. when I access a site or normal users do the come in like this `IP: 96.41.147.189 HOST: 96-41-147-189.dhcp.mdfd.or.charter.com` not like `IP: 50.58.251.66 HOST: 50.58.251.66` – affiliatex May 20 '14 at 21:07
I need to block if the IP is exactly the same as hostname, not just contains the IP – affiliatex May 20 '14 at 21:14
Well in that case above regex does exactly that. It will return 403 only for `if %{HTTP_HOST} == %{REMOTE_ADDR}` – anubhava May 20 '14 at 21:18
`%{HTTP_HOST} == %{REMOTE_ADDR}` this will match exactly the IP, not if it just contains it? – affiliatex May 20 '14 at 21:25
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/54069/discussion-between-affiliatex-and-anubhava). – affiliatex May 20 '14 at 21:27
It will do exact match due to use of anchors `^` and `$`. You can do separate testing of this regex in an online tester. See this demo: http://regex101.com/r/oQ4iY8 – anubhava May 20 '14 at 21:28
Just tried it on live traffic and it's slipping through :( – affiliatex May 21 '14 at 00:30
Provide data rather then not so useful comments. What ip and what host name? – anubhava May 21 '14 at 01:48
`5/20/2014 07:11 PM | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36 | IP: 204.17.143.10 HOST: 204.17.143.10 |` – affiliatex May 21 '14 at 03:49

Blocking hostname if same as IP in .htaccess

1 Answers1