protect your valuable server resources for genuine clients..
(c) 2004->tomorrow! cor + corz.org ;o)
Thanks to everyone who gave feedback on the betas!
+ Improved checking for malformed referer information.
+ SEO-Aware "magic" index requests.
+ Added the ability to disable access for bad URLs, like /etc/passwd
+ Added ability to validate User Agent strings, to protect against
known bad bots, spiders and so forth.
+ You can now also disallow access to clients who send an empty user
+ Added ability to ban IP Addresses from a simple IP Address list.
+ Added the ability to validate referers and white/black list good
and bad referers. There's a couple of new preferences (it's always
worth checking new versions of software for new preferences!) and
a fair chunk of new code.
Search from the top for 'validate_referers' for all the juicy
~ Fixed a bug where new visitors could have their hammer count set to
/almost/ the first trigger level.
~ Minor fix for potential logging error.
Enter Anti-Hammer Pro..
+ The Data set used to create the individual client IDs can now be
easily configured (a simple list). You can use everything (the
default), or else identify clients by a smaller set of data, even
a single element, i.e. the IP address, which could be useful in a
number of situations.
+ Improved documentation.
~ Minor clean-ups and fixes.
-=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=-
The end of the line for Anti-Hammer FREE!
+ You now have the option to perform a quick DNS lookup of the
IP Address of bad clients, and have this added to the logging.
This was already enabled, you now have the option to *disable* it,
+ Anti-Hammer now sends a valid "Retry-After" header, which is set to
the client's current hammer delay + 1 second.
+ Added a link to the Anti-Hammer page, should lessen the wtf-factor.
+ You can now choose whether to allow your specified clients (aka
"exemptions") to either completely bypass anti-hammer (current
$anti_hammer['allow_bots'] = true;
Or else specify an integer, representing a hammer_time, in
1/100th Second, which will apply to *only* these clients..
$anti_hammer['allow_bots'] = 50;
This setting would enable your specified clients to hammer the site
at a rate of two hits-per-second, but no faster.
Effectively, we now have two hammer rates, one for known good
clients, and one for everyone else.
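The two hammer rates and the Retry-After value described in the entries above, as an added PHP example (not Anti-Hammer's own code). Only the 'allow_bots' preference comes from this changelog; the function names, the default hammer time of 100 and the 3-second hammer delay are assumptions, and a too-fast hit gets the 503 status this changelog mentions.

```php
<?php
// Added illustration, not Anti-Hammer's own code. Only 'allow_bots' is a
// preference named in the changelog; all other names and values are assumed.

// Minimum gap between hits (in 1/100ths of a second) for a client, or null
// when the client bypasses the check completely.
function hammer_time_for(bool $is_exempt, $allow_bots, int $default_hammer_time): ?int
{
    if (!$is_exempt) {
        return $default_hammer_time;      // everyone else
    }
    if ($allow_bots === true) {
        return null;                      // exempt clients bypass completely
    }
    if (is_int($allow_bots) && $allow_bots > 0) {
        return $allow_bots;               // separate rate for known good clients
    }
    return $default_hammer_time;          // assumption: anything else means no exemption
}

// Decide the response for one hit. $gap is the time since the client's
// previous hit (1/100ths sec); $hammer_delay is its current delay in seconds.
function check_hit(int $gap, ?int $hammer_time, int $hammer_delay): array
{
    if ($hammer_time === null || $gap >= $hammer_time) {
        return ['status' => 200, 'headers' => []];
    }
    // Too fast: temporary refusal, Retry-After = current hammer delay + 1 second.
    return ['status' => 503, 'headers' => ['Retry-After' => (string) ($hammer_delay + 1)]];
}

$anti_hammer = ['allow_bots' => 50];      // exempt clients: two hits per second
$default_hammer_time = 100;               // assumed rate for everyone else
$hammer_delay = 3;                        // assumed current delay, in seconds

// Constructed sample hits: [label, on the exemption list?, gap in 1/100ths sec]
$hits = [
    ['listed spider, 0.6 s gap', true, 60],
    ['listed spider, 0.2 s gap', true, 20],
    ['other client, 0.6 s gap', false, 60],
    ['other client, 1.5 s gap', false, 150],
];
foreach ($hits as [$label, $exempt, $gap]) {
    $ht = hammer_time_for($exempt, $anti_hammer['allow_bots'], $default_hammer_time);
    $r = check_hit($gap, $ht, $hammer_delay);
    $retry = $r['headers']['Retry-After'] ?? '-';
    printf("%-26s -> %d  Retry-After: %s\n", $label, $r['status'], $retry);
}
```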
+ Good bots & spiders can now be allowed to bypass the hammer. This is
achieved through the use of standard spider IP lists, as published
along with a simple ini file, detailing which user-agent links to
which IP list. A working ini, and more details, will be included in
the preference section (above), as well as the release.
+ Anti-Hammer now sends a proper 503 (service temporarily unavailable)
message, rather than a 200 OK message. This will be useful in
situations where valid bots are temporarily hammering, and is more
correct in this scenario. The resource *will* be back, if they cut
out the crazy hammering!
If you are running under cgi