I'm trying to get this tag to work but the results are very odd.
<cfthrottle token="#cgi.REMOTE_ADDR#" hitthreshold="20"
hittimeperiod="10000">
<cfif CFTHROTTLE.throttle>
<cfheader statuscode="503" statustext="Too many attempts">
<cfheader name="Retry-After" value="180">
<cfparam name="CGI.HTTP_REFERER" default="">
<cfmail to="----------------"
from="------------------"
subject="20 Retries in 10 seconds by #cgi.REMOTE_ADDR#"
type="HTML">
<p>Who: #cgi.HTTP_USER_AGENT#</p>
<p>From: /#cgi.REMOTE_ADDR#</p>
<cfdump var="#cfthrottle#">
</cfmail>
<h1>Too many attempts.</h1>
<cfexit method="request">
</cfif>
I don't see any emails when it kicks in where it has 20 hits. All are
lower like:
struct
AGE 1399
HITCOUNT 2
LASTHIT 150
THROTTLE YES
TOTALHITS 6
Why is this invoking the throttle??? Shouldn't HITCOUNT have to be 20
every time? This guy doesn't even have TOTALHITS of 20 yet, though
others have more.
(I also had a different one on our admin login page with a lower
hitcount and sometimes it would block me after 1 hit only!)
It also doesn't seem to do much anyway. I opened 20 tabs quickly and
then some were blocked but then the next ones weren't, so what good is
it? How is it actually throttling someone? Abusers won't care about
retry-after. Why isn't there a blockperiod attribute? Or how should I
do that?
Finally, what is the bizarre Age date format? Docs say "AGE - the date
since the first hit". The Middle Ages, 1399, was a while ago ;-)
Seconds?
Any practical "full" advice on using this to block people downloading
the whole site, or abusive spiders?
Thanks.
--~--~---------~--~----~------------~-------~--~----~
Open BlueDragon Public Mailing List
http://groups.google.com/group/openbd?hl=en
official site @ http://www.openbluedragon.org/
!! save a network - trim replies before posting !!
-~----------~----~----~----~------~----~------~--~---
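
The post asks how to hold a client out for a fixed period once the throttle trips. One way to layer that on top of the same cfthrottle call, as an added example that is not part of the original post or of OpenBD itself; it assumes the application scope is enabled, and `application.blockedUntil`, `blockMs`, `clientKey` and `isBlocked` are hypothetical names:

```cfml
<!--- Added example: block period layered on the cfthrottle call from the post. --->
<!--- Assumption: application scope is enabled; application.blockedUntil is a hypothetical name. --->
<cfset blockMs = 180000> <!--- 180 s, matching the Retry-After value in the post --->
<cfset clientKey = cgi.REMOTE_ADDR>
<cfset isBlocked = false>

<!--- 1. Is this client still inside an earlier block period? --->
<cflock scope="application" type="exclusive" timeout="5">
  <cfif NOT structKeyExists(application, "blockedUntil")>
    <cfset application.blockedUntil = structNew()>
  </cfif>
  <cfif structKeyExists(application.blockedUntil, clientKey)>
    <cfif application.blockedUntil[clientKey] GT getTickCount()>
      <cfset isBlocked = true>
    <cfelse>
      <!--- block expired: forget it and let the throttle count again --->
      <cfset structDelete(application.blockedUntil, clientKey)>
    </cfif>
  </cfif>
</cflock>

<!--- 2. Not blocked: count the hit; a trip starts a new block period --->
<cfif NOT isBlocked>
  <cfthrottle token="#clientKey#" hitthreshold="20" hittimeperiod="10000">
  <cfif CFTHROTTLE.throttle>
    <cflock scope="application" type="exclusive" timeout="5">
      <cfset application.blockedUntil[clientKey] = getTickCount() + blockMs>
    </cflock>
    <cfset isBlocked = true>
    <!--- an alert mail belongs here: this branch runs once per block, not once per refused request --->
  </cfif>
</cfif>

<!--- 3. Refuse every request for the whole block period --->
<cfif isBlocked>
  <cfheader statuscode="503" statustext="Too many attempts">
  <cfheader name="Retry-After" value="#int(blockMs / 1000)#">
  <h1>Too many attempts.</h1>
  <cfabort>
</cfif>
```

An expired entry is only deleted when the same client returns, so a long-running application needs a periodic purge of `application.blockedUntil`. Keying on `cgi.REMOTE_ADDR` also blocks every user behind a shared proxy or NAT address together.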