PEAK XOOPS - Re: Xoops Protector 2.54a 
Re: Xoops Protector 2.54a
- As this forum is only for commentation, you cannot open a new topic
- Guests cannot post into this forum
| Target | Downloads |
| Subject | Xoops Protector 2.57 |
| Summary | これはすでにメンテナンスされていない旧バージョンです。最新版をご利用ください。●要旨Xoops Protector は、XOOPS2 を様々な悪意ある攻撃から守るためのモジュールです。このモジュールでは、以下の攻撃を防ぎます。- DoS- 悪意あるクローラー(メール収集ボットなど)... |
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2005/12/22 8:07
tl
Posts: 84
Posts: 84
GIJOE:
Any plan adding an option against prefetch. Currently, DOS would be triggered if preftech were enabled. But the problem is that prefetch would continue to go through all the links regardless. It would be great if prefetch were detected, Protector would immediately stop rendering to the browser and maybe a warning message to the user (immediately replacing what the page they are seeing).
Is this possible?
tl
Any plan adding an option against prefetch. Currently, DOS would be triggered if preftech were enabled. But the problem is that prefetch would continue to go through all the links regardless. It would be great if prefetch were detected, Protector would immediately stop rendering to the browser and maybe a warning message to the user (immediately replacing what the page they are seeing).
Is this possible?
tl
Votes:4
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
hi tl.
Quote:
It is possible if the client sends "This access is prefetch".
Do you mean google or the other reliable application service ?
If so, they tell us "This access is prefetch" by sending HTTP_USER_AGENT or the other HTTP request header.
I'm sorry that I'm not familier with such informations.
Quote:
Any plan adding an option against prefetch. Currently, DOS would be triggered if preftech were enabled. But the problem is that prefetch would continue to go through all the links regardless. It would be great if prefetch were detected, Protector would immediately stop rendering to the browser and maybe a warning message to the user (immediately replacing what the page they are seeing).
Is this possible?
It is possible if the client sends "This access is prefetch".
Do you mean google or the other reliable application service ?
If so, they tell us "This access is prefetch" by sending HTTP_USER_AGENT or the other HTTP request header.
I'm sorry that I'm not familier with such informations.
Votes:0
Average:0.00
tl
Posts: 84
Posts: 84
Firefox 1.0.7 has the prefetch as default and I have been able to deny any firefox 1.0.7 access by adding the following lines into .htaccess
I have also added the following lines into header.php
It seems not working. Firefox 1.5 with prefetch on will continue the crawling through all the links except it is getting 403 denied (I am not sure if it is because of the codes or the the lines in .htaccess - I have not done the test).
If protector could detect "prefetch", then it would be great if it could stop the crawling right away so no valuable resource get wasted by prefetch.
I am seriously thinking of banning firefox all together (including those with prefetch off) because of this extremly abusive feature.
RewriteCond %{HTTP:x-moz} ^prefetch [OR]
RewriteCond %{X-moz} ^prefetch
I have also added the following lines into header.php
//stop prefetching
if ((isset($_SERVER['HTTP_X_MOZ'])) && ($_SERVER['HTTP_X_MOZ'] == 'prefetch')) {
header('HTTP/1.0 403 Forbidden');
echo '403: Forbidden<br><br>Prefetching not allowed.';
exit;
}
It seems not working. Firefox 1.5 with prefetch on will continue the crawling through all the links except it is getting 403 denied (I am not sure if it is because of the codes or the the lines in .htaccess - I have not done the test).
If protector could detect "prefetch", then it would be great if it could stop the crawling right away so no valuable resource get wasted by prefetch.
I am seriously thinking of banning firefox all together (including those with prefetch off) because of this extremly abusive feature.
Votes:2
Average:0.00
Login