I uploaded this through 
November, 2008
24
Nov 08
How I block people from visiting a website
Inspired by the article Block a Website for Everyone But You over at CSS Tricks, I thought I’d post my way of blocking people from accessing my websites while I work on them.
Chris Coyier over at CSS Tricks uses the following code in his .htaccess file to block visitors.
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^71\.225\.113\.171
RewriteCond %{REMOTE_HOST} !^71\.185\.239\.212
RewriteCond %{REMOTE_HOST} !^69\.253\.223\.254
RewriteCond %{REQUEST_URI} !/comingsoon\.html$
RewriteRule .* /comingsoon.html [R=302,L]
What he’s doing there is checking for specific IP addresses that are allowed to see the website but everyone else is sent to the “comingsoon.html” webpage. This is great for people who have specific IP addresses but if you’re behind a proxy like I am at work then everyone else with you behind that proxy can still see the site.
I find it much easier to redirect everyone but check for a custom cookie that I can set using the Webdeveloper Firefox extension. That way I can check to make sure that the redirect to the maintenance page is actually working. Here’s the relevant code that I use (taken from a RoR tutorial of old)
RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteCond %{HTTP_COOKIE} !^.*access_cookie=1.*$
RewriteRule ^.*$ /maintenance.html [L]
where the text “access_cookie” (sans quotes) would be whatever cookie name you want to use. I just create a “session cookie” set to a value of “1″ (or whatever you want to make it) and check for it’s existence.
That gets around the problem of DHCP granted or spoofed IP addresses. Sure a cookie is easy to add but if you make the name and/or value sufficiently difficult to guess, no one is getting in.
Now just add your cookie.
Note in the image that I have set it to be a “session cookie”. This helps when you forget to delete the cookie. Just close your tab (FF) or browser (IE), reopen it and the cookie will be gone.
Oh yeah. The other thing that my .htaccess code does is, on the first line, check for the existence of the “maintenance.html” file. I don’t want to have to add and remove this code everytime I want to take the site down. It’s much easier to just have this code permanently in my .htaccess file and then upload the file that people will see when the site is down. I then delete it when the site is ready to be reopened. This is all performed using a custom Capistrano command that I run when I’m ready to deploy a new version.
23
Nov 08
Wouldn’t it be easier to consolidate?
How many different types of hand grenades does JetBlue need to warn us
about before they can simply say ‘No hand grenades. Period!’? I would
think that would suffice.
I uploaded this through
12
Nov 08
To you who voted for Prop 8
I know you probably won’t watch this because after you “won” you would have stuck your head in the sand with fingers in your ears not wanting to see or listen to a dissenting opinion but it has to be said.
No picture from me but go visit my wife’s blog and she can tell you how we both feel. Keith Olberman (in the video above) says it incredibly well too. If you voted for Prop 8, or WOULD HAVE voted for Prop 8, you should be ASHAMED of yourself!
