Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
Thread: php and bot protection
03-07-2014, 07:09 PM #1
- Join Date
- Sep 2002
- Thanked 23 Times in 23 Posts
php and bot protection
I keep going back to this for some reason. I've been to numerous pages on the internet about how to combat
bots. Each wants you to check and see if the HTTP_USERAGENT is a bot. Doesn't this seem kinda backwards
from the normal way things are checked? I mean instead of checking a mega long list of bad bots or having to add
each and every one to an htaccess file, shouldn't we just be checking the useragent or servename against an 'accepted'
list of urls and send the rest back? Like a login check does or a doorman at a club? You ain't on the list, go home!
Just wondering since new bots come out every day. And which is better to compare useragent or servername?
Just seems like there should be an easier way.
03-10-2014, 04:35 PM #2
- Join Date
- Sep 2002
- Saskatoon, Saskatchewan
- Thanked 2,662 Times in 2,631 Posts
Blacklisting is typically easier to maintain than whitelisting is, but again it depends completely on purpose.
Its simply the assumption that everything is good until you need to say its not good. It allows everyone to play ball until you say otherwise.
If you whitelist instead, you say that nobody can play ball until you've said they can. That means if you don't keep on top of it, potentially nobody can play when new browsers are rolled out.
Of course this only applies to bots that want to play ball, but decide they'll ask. Nothing makes me identify myself as anything more than I want to. I could identify myself as "Fou-Lu's Chariot" if I wanted to, and the same applies to bots which I can identify as "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0" if I wanted to.
Also, $_SERVER['SERVER_NAME'] refers to the apache server name. Any request should have the same information from the same script which should be your domain name. Useragent is provided by the client and is optional.
Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)PHP Code:
header('HTTP/1.1 420 Enhance Your Calm');