protect your valuable server resources for genuine clients..
(c) 2004->tomorrow! cor + corz.org ;o)
Thanks to everyone who gave feedback on the betas!
+ Improved checking for malformed referer information.
+ SEO-Aware "magic" index requests.
+ Added the ability to disable access for bad URLs, like /etc/passwd
+ Added ability to validate User Agent strings, to protect against
known bad bots, spiders and so forth.
+ You can now also disallow access to clients who send an empty user
+ Added ability to ban IP Addresses from a simple IP Address list.
+ Added the ability to validate referers and white/black list good
and bad referers. There's a couple of new preferences (it's always
worth checking new versions of software for new preferences!) and
a fair chunk of new code.
Search from the top for 'validate_referers' for all the juicy
~ Fixed a bug where new visitors could have their hammer count set to
/almost/ the first trigger level.
~ Minor fix for a potential logging error.
Enter Anti-Hammer Pro..
+ The Data set used to create the individual client IDs can now be
easily configured (a simple list). You can use everything (the
default), or else identify clients by a smaller set of data, even
a single element, i.e. the IP address, which could be useful in a
number of situations.
+ Improved documentation.
~ Minor clean-ups and fixes.
-=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=- -=-
The end of the line for Anti-Hammer FREE!
+ You now have the option to perform a quick DNS lookup of the
IP Address of bad clients, and have this added to the logging.
This was already enabled, you now have the option to *disable* it,
+ Anti-Hammer now sends a valid "Retry-After" header, which is set to
the client's current hammer delay + 1 second.
+ Added a link to the Anti-Hammer page, should lessen the wtf-factor.
+ You can now choose whether to allow your specified clients (aka
"exemptions") to either completely bypass anti-hammer (current
$anti_hammer['allow_bots'] = true;
Or else specify an integer, representing a hammer_time, in
1/100th Second, which will apply to *only* these clients..
$anti_hammer['allow_bots'] = 50;
This setting would enable your specified clients to hammer the site
at a rate of two hits-per-second, but no faster.
Effectively, we now have two hammer rates, one for known good
clients, and one for everyone else.
+ Good bots & spiders can now be allowed to bypass the hammer. This is
achieved through the use of standard spider IP lists, as published
along with a simple ini file, detailing which user-agent links to
which IP list. A working ini, and more details, will be included in
the preference section (above), as well as the release.
+ Anti-Hammer now sends a proper 503 (service temporarily unavailable)
message, rather than a 200 OK message. This will be useful in
situations where valid bots are temporarily hammering, and is more
correct in this scenario. The resource *will* be back, if they cut
out the crazy hammering!
If you are running under cgi
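
The two hammer rates and the 503 / "Retry-After" response described in the entries above, as an added PHP example that is not Anti-Hammer's own code. Only the 'allow_bots' preference comes from this changelog; the function names, the default hammer time of 100 and the sample timings are assumptions.

```php
<?php
// Added example, not Anti-Hammer's own code. Only the 'allow_bots'
// preference appears in the changelog; every other name is hypothetical.

const DEFAULT_HAMMER_TIME = 100; // assumed rate for everyone else, in 1/100th second

// Minimum gap in seconds between two hits, or null for a complete bypass.
function min_gap(bool $exempt, $allow_bots): ?float
{
    if ($exempt && $allow_bots === true) {
        return null;                      // known good client, no hammer check at all
    }
    if ($exempt && is_int($allow_bots)) {
        return $allow_bots / 100;         // 50 => 0.5 s => two hits per second
    }
    return DEFAULT_HAMMER_TIME / 100;     // ordinary client, or exemptions switched off
}

// Decide the response for one hit. $delay is the client's current hammer
// delay in whole seconds (how it grows is outside this example).
function hammer_response(float $last_hit, float $now, int $delay, bool $exempt, $allow_bots): array
{
    $gap = min_gap($exempt, $allow_bots);
    if ($gap === null || ($now - $last_hit) >= $gap) {
        return ['status' => 200, 'headers' => []];
    }
    // Too fast: temporary refusal, telling the client when to come back.
    return ['status' => 503, 'headers' => ['Retry-After' => (string) ($delay + 1)]];
}

// Constructed sample: two hits 0.6 s apart, current hammer delay of 3 s.
$cases = [
    'visitor, allow_bots = 50'    => [false, 50],
    'good bot, allow_bots = 50'   => [true, 50],
    'good bot, allow_bots = true' => [true, true],
];
foreach ($cases as $label => [$exempt, $allow_bots]) {
    $r = hammer_response(10.0, 10.6, 3, $exempt, $allow_bots);
    $retry = $r['headers']['Retry-After'] ?? '-';
    printf("%-28s => %d (Retry-After: %s)\n", $label, $r['status'], $retry);
}
```

In a live script the returned status and headers would be sent with http_response_code() and header() before any output.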