Open nisbet-hubbard opened 1 month ago
I think my desire is the same:
I have one site which can load 100's of images per page. They are static, and I don't mind those. My wish is for mod_evasive to just affect the cgi generation.
So, I don't know if a DosWhitelistMIME image/* would be easy to add, but if not, LocationMatch would do the job!
Our workaround for now is to issue a JS challenge through Cloudflare for requests not coming from known bots and not having a referer header. Price: small non-interactive delay for human visitors.
I got around the problem by moving all the images to a different virtual host, and modifying the html appropriately - you can have separate mod_evasive settings for virtual hosts.
No offence, but I hate the JS challenge stuff, even more so as the particular site I'm referring to is intentionally a no-JS-required site!
moving all the images to a different virtual host, and modifying the html appropriately
That's clever!
Veering off the topic a bit, I'd also love to hear what you would use for email obfuscation, sans JS.
Thanks! As for email obfuscation, I don't do it. I just rely on my email servers (which I also run) to filter spam.
It's not ideal, but it works for me. One thing I'll never do is "blackhole" an email - if my system thinks it's spam, it will be rejected at source. If it can't do that, it will be delivered. Nothing worse than legitimate mail getting lost without either sender or receiver knowing.
I use spamhaus blocklists, and block some dodgy domains manually. If things get bad, I deliver non-whitelisted email to a different email box, I can then periodically go through that and if there is legitimate mail, move it to the main mailbox, which then also whitelists the address.
Wouldn't things be easier if all people were nice? :-)
P.S. I'm not against JS itself, but I consider that if possible, it an enhancer, not a requirement.
Again, this isn't a criticism of people who do use it - I understand the frustration driving people to its use for both email protection, dos protection, and other stuff, I just prefer to avoid it myself if possible.
Many thanks for forking and continuing developing this most useful module!
Currently,
mod_evasive
can’t be used inside<If>
or<LocationMatch>
. A situation where we often want the capability ofmod_evasive
, however, is on dynamic pages which can’t be cached.It’d be really nice if this module can work with such path-based conditional logic.