Anyone?
> I'm trying to get this tag to work but the results are very odd. > > <cfthrottle token="#cgi.REMOTE_ADDR#" hitthreshold="20" > hittimeperiod="10000"> > <cfif CFTHROTTLE.throttle> > <cfheader statuscode="503" statustext="Too many attempts"> > <cfheader name="Retry-After" value="180"> > <cfparam name="CGI.HTTP_REFERER" default=""> > <cfmail to="----------------" > from="------------------" > subject="20 Retries in 10 seconds by #cgi.REMOTE_ADDR#" > type="HTML"> > <p>Who: #cgi.HTTP_USER_AGENT#</p> > <p>From: /#cgi.REMOTE_ADDR#</p> > <cfdump var="#cfthrottle#"> > </cfmail> > <h1>Too many attempts.</h1> > <cfexit method="request"> > </cfif> > > I don't see any emails when it kicks in where it has 20 hits. All are > lower like: > > struct > AGE 1399 > HITCOUNT 2 > LASTHIT 150 > THROTTLE YES > TOTALHITS 6 > > Why is this invoking the throttle??? Shouldn't HITCOUNT have to be 20 > every time? This guy doesn't even have TOTALHITS of 20 yet, though > others have more. > > (I also had a different one on our admin login page with a lower > hitcount and sometimes it would block me after 1 hit only!) > > It also doesn't seem to do much anyway. I opened 20 tabs quickly and > then some were blocked but then the next ones weren't, so what good is > it? How is it actually throttling someone? Abusers won't care about > retry-after. Why isn't there a blockperiod attribute? Or how should I > do that? > > Finally, what is the bizarre Age date format? Docs say "AGE - the date > since the first hit" The Middle Ages, 1399, was a while a go ;-) > Seconds? > > Any practical "full" advice on using this to block people downloading > the whole site, or abusive spiders? > > Thanks. --~--~---------~--~----~------------~-------~--~----~ Open BlueDragon Public Mailing List http://groups.google.com/group/openbd?hl=en official site @ http://www.openbluedragon.org/ !! save a network - trim replies before posting !! -~----------~----~----~----~------~----~------~--~---
