2008/10/20 Amos Jeffries <squid3_at_treenet.co.nz>:
>
> It's not so much an empty string. As a completely missing header.
> Squid can only test what it has against what it checks. If you get my
> meaning.
>
> I haven't tested it, but you might have better luck if you invert the test
> to allow access to okay agents and deny the rest.
>
> All they have to do is send -U "fu" and they get past the wget blocker.
> Not to mention the real browser UA are commonly known and often recommended
> for script kiddies to spoof the IE agent to get past site barriers and
> brokenness in one action.
>
> Amos
>
Thanks Amos,
I figured that out just after I'd posted my original mail.
I appreciate that the blocking is pretty weak but it seems that the
majority of the unwanted traffic is some kind of automated client not
supplying any User Agent at all.
I guess we going for the "low hanging fruit", anyone who really wants
the content will be able to fetch it (by spoofing as a real user
agent) but this should way to block a bunch of it.
James
Received on Mon Oct 20 2008 - 12:02:54 MDT
This archive was generated by hypermail 2.2.0 : Mon Oct 20 2008 - 12:00:04 MDT