Forum
Is it possible to Ban/Reject against HTTP_USER_AGENT?
Chris
27 June 2016, 20:18
Greetings all,
I'm evaluating Hiawatha as a potential candidate to replace the current HTTPd on some ~60 servers I maintain.
I am also the current Maintainer for the FreeBSD Hiawatha port. My question is; given the ineffectiveness in banning
nefarious Bots by IP. I'm hoping to do so by way of HTTP_USER_AGENT, with the tools available in Hiawatha. I've
spent some time attempting to untangle the hiawatha man page to accomplish this, but to no avail.
Is this possible? Has anyone (successfully) accomplished this? Or am I required to insert an RE to match against
in every header sent, in Perl?
A possible way via tha hiawatha config, might be along the lines of:
Match %{HTTP_USER_AGENT} ^MegaIndex DenyAccess
Thank you for all your time, and consideration.
--Chris
I'm evaluating Hiawatha as a potential candidate to replace the current HTTPd on some ~60 servers I maintain.
I am also the current Maintainer for the FreeBSD Hiawatha port. My question is; given the ineffectiveness in banning
nefarious Bots by IP. I'm hoping to do so by way of HTTP_USER_AGENT, with the tools available in Hiawatha. I've
spent some time attempting to untangle the hiawatha man page to accomplish this, but to no avail.
Is this possible? Has anyone (successfully) accomplished this? Or am I required to insert an RE to match against
in every header sent, in Perl?
A possible way via tha hiawatha config, might be along the lines of:
Match %{HTTP_USER_AGENT} ^MegaIndex DenyAccess
Thank you for all your time, and consideration.
--Chris
Hugo Leisink
27 June 2016, 20:50
What you are looking for is
UrlToolkit {
...
Header User-Agent ^MegaIndex DenyAccess
}
Chris
27 June 2016, 23:41
Thank you for taking the time to reply, Hugo!
I attempted to implement your suggestion. But a restart of the hiawatha service failed. Complaining of;
A ToolkitID is missing in a UrlToolkit section in hiawatha.conf
I don't mean to sound obtuse, but I had a devil of a time trying to make any use of a ToolkitID. It
just seemed to over complicate my intention, or overly S P A M the hiawatha config. As a developer
of many years, I'm always keen on reading the documentation, *before* bothering the developer.
But I found the hiawatha(1) man page unnecessarily difficult to navigate
1) Because of it's overall size
2) because almost all of the internal cross references are UNlinked, eg;
See chapter URL TOOLKIT for more... Where URL TOOLKIT is not linked, nor most of the other
similar sections, referenced in this fashion. In the end, I was forced to open up the actual
hiawatha.1 file in my editor, as raw text, and ask *it* to jump to the referenced section(s),
before I was finally able to properly implement your thoughtful suggestion.
Mind you, I'm *extremely* grateful for your work, and more; your *sharing* it. But IMHO, the
hiawatha(1) man(1) page could really use some love. :-)
Thanks again, Hugo, for taking the time to help me!
--Chris
I attempted to implement your suggestion. But a restart of the hiawatha service failed. Complaining of;
A ToolkitID is missing in a UrlToolkit section in hiawatha.conf
I don't mean to sound obtuse, but I had a devil of a time trying to make any use of a ToolkitID. It
just seemed to over complicate my intention, or overly S P A M the hiawatha config. As a developer
of many years, I'm always keen on reading the documentation, *before* bothering the developer.
But I found the hiawatha(1) man page unnecessarily difficult to navigate
1) Because of it's overall size
2) because almost all of the internal cross references are UNlinked, eg;
See chapter URL TOOLKIT for more... Where URL TOOLKIT is not linked, nor most of the other
similar sections, referenced in this fashion. In the end, I was forced to open up the actual
hiawatha.1 file in my editor, as raw text, and ask *it* to jump to the referenced section(s),
before I was finally able to properly implement your thoughtful suggestion.
Mind you, I'm *extremely* grateful for your work, and more; your *sharing* it. But IMHO, the
hiawatha(1) man(1) page could really use some love. :-)
Thanks again, Hugo, for taking the time to help me!
--Chris
Stephen R. van den Berg
28 June 2016, 09:36
Incidentally, since you are contemplating deploying Hiawatha to a large deployment, you might be interested in the (modest) patch-set I've been running on top of Hiawatha for the past six years. It's especially geared towards larger setups (to improve stability, compatibility with diverse CGI-setups, backwards compatibility with earlier versions of itself, performance and security). It's currently available on:
git clone git://devel2.cuci.nl/hiawatha
The branch you want to evaluate is called "native". The repository is not official, nor is it stable (I'll be shuffling around servers, and the branch you're looking at is rebased from time to time currently).
git clone git://devel2.cuci.nl/hiawatha
The branch you want to evaluate is called "native". The repository is not official, nor is it stable (I'll be shuffling around servers, and the branch you're looking at is rebased from time to time currently).
Hugo Leisink
30 June 2016, 00:42
@Chris: Well, english is not my native language, so perhaps you can help me with the manual?
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
