tags:

views:

22

answers:

3
Q: 

Question regarding sitemaps

I am storing my sitemaps in my web folder. I want web crawlers (Googlebot etc) to be able to access the file, but I dont necessarily want all and sundry to have access to it.

For example, this site (stackoverflow.com), has a site index - as specified by its robots.txt file (http://stackoverflow.com/robots.txt).

However, when you type http://stackoverflow.com/sitemap.xml, you are directed to a 404 page.

How can I implement the same thing on my website?

I am running a LAMP website, also I am using a sitemap index file (so I have multiple site maps for the site). I would like to use the same mechanism to make them unavailable via a browser, as described above.

A: 

You can check the user-agent header the client sends, and only pass the sitemap to known search bots. However, this is not really safe since the user-agent header is easily spoofed.

Sjoerd  2010-07-20 09:38:42
A: 

Stack Overflow presumably checks two things when deciding who gets access to the sitemaps:

  • The USER_AGENT string
  • The originating IP address

both will probably be matched against a database of known legitimate bots.

The USER_AGENT string is pretty easy to check in a server side language; it is also very easy to fake. More info:

Pekka  2010-07-20 09:38:44
A: 

First, decide which networks you want to get your actual sitemap.

Second, configure your web server to grant requests from those networks for your sitemap file, and configure your web server to redirect all other requests to your 404 error page.

For nginx, you're looking to stick something like allow 10.10.10.0/24; into a location block for the sitemap file.

For apache, you're looking to use mod_authz_host's Allow directive in a <Files> directive for the sitemap file.

sarnold  2010-07-20 09:44:23
@sarnold: this is definitely the way I want to go. user-agents are pretty easy to fake, so this has some appeal. I know its by no means a 'magic silver bullet', but I think it is (at least, marginally) more robust than server side logic involving user-agent strings. Could you please provide an example that will allow access to sitemap-index.xml and *.gz files in the web folder if the request is from google.com?
morpheous  2010-07-20 09:54:53
@Morpheous, the trick is finding the networks -- google crawls from googlebot.com, and who knows if they are kind enough to stick to single netblocks or if they use dozens of netblocks. I'd suggest looking through your logs and figuring out which ones you want to allow and which you want to deny.
sarnold  2010-07-20 10:12:30

related questions

Hide authorized menu item in asp.net web.sitemap
How do I get HTTPHandlers to work on Godaddy?
Is adding attributes to nodes in the web.sitmap a bad idea?
Search Engine Site Map Asp.Net
Should I put forum threads into my sitemap?
Link security trimming in asp.net mvc
Good URL strategy for sitemap and SEO
Generating a Visual Site Map of an Existing Site
how to create a site map/list
How to validate compliant XML sitemap?
Unit Testing SiteMapNode
Using Web.SiteMap with Dynamic URLS (URL Routing)
How do I create a Google Sitemap for my ASP.NET website?
What's wrong with my sitemap?
Creating a site map of an FTP site
How do I apply css to second level menu items?
Is there any way to use XmlSiteMapProvider within WinForm/Console/VSTest application?
How can I use multiple sitemap file without multiple root nodes
What is the Best Way to Populate a Menu Control on a Master Page
How do I filter nodes of TreeView and Menu controls with sitemap data sources based on user permissions?
ASP.NET LocationProvider
Can I generate ASP.NET MVC routes from a Sitemap?
How can I remove nodes from a SiteMapNodeCollection?
Generate sitemap on the fly
ASP.NET Site Maps