I noticed some file (pdf) requests from blocked user agents in logs (latest visitors cPanel). After getting a 403 response the user agent just kept requesting the file. As a result I've sent 70 or 80 pages (403.shtml) to a blocked user. I also noticed a request for files (pdf) from a - not-denied IP or user agent - get a 200, then a 206, then another 206 and on and on. I placed the first and second FilesMatch directives in htaccess to combat this.
The third I added because there's nothing outside of post and get to do on the site - except maybe join a forum - would the last code mess with people utilizing script for forum?
I guess the last question is did I add code that will negatively effect things I haven't thought of. All I know right now is it doesn't break the site ( no 503's yet ).
Here's the htaccess code:
Code:
# Disconnect client after 403 response
<FilesMatch "^403\.shtml$">
SetEnv nokeepalive
</FilesMatch>
# Disconnect client after (1) .pdf request
<FilesMatch "^\.pdf$">
SetEnv nokeepalive
</FilesMatch>
# Visitors can't do anything but
<LimitExcept POST GET>
Require valid-user
</LimitExcept>
Submit Your Article
Forum Rules
Reply With Quote
