Dear ezmlm,
(I don't quite know how this message is going to make it through, due to the very
substance of the message).
I have been wondering why in the dev-digest emails, the names of some unfortunate
contributors always appear mangled. I am talking e.g. of our friend Rüdiger Plüm
(and
Ben Reser wrote:
On Tue, Apr 30, 2013 at 5:23 PM, André Warnier a...@ice-sa.com wrote:
Alternatives :
1) if you were running such a site (which I would still suppose is a
minority of the 600 Million websites which exist), you could easily disable
the feature.
2) you could instead return
Marian Marinov wrote:
On 05/03/2013 07:24 AM, Ben Reser wrote:
On Tue, Apr 30, 2013 at 5:23 PM, André Warnier a...@ice-sa.com wrote:
Alternatives :
1) if you were running such a site (which I would still suppose is a
minority of the 600 Million websites which exist), you could easily
disable
Tom Evans wrote:
On Fri, May 3, 2013 at 10:54 AM, André Warnier a...@ice-sa.com wrote:
So here is a challenge for the Apache devs : describe how a bot-writer could
update his software to avoid the consequences of the scheme that I am
advocating, without consequences on the effectivity
Christian Folini wrote:
André,
On Wed, May 01, 2013 at 02:47:55AM +0200, André Warnier wrote:
With respect, I think that you misunderstood the purpose of the proposal.
It is not a protection mechanism for any server in particular.
And installing the delay on one server is not going to achieve
Tom Evans wrote:
On Wed, May 1, 2013 at 1:47 AM, André Warnier a...@ice-sa.com wrote:
Christian Folini wrote:
Hey André,
I do not think your protection mechanism is very good (for reasons
mentioned before) But you can try it out for yourself easily with 2-3
ModSecurity rules and the pause
Marian Marinov wrote:
On 05/01/2013 12:19 PM, Tom Evans wrote:
On Wed, May 1, 2013 at 1:47 AM, André Warnier a...@ice-sa.com wrote:
Christian Folini wrote:
Hey André,
I do not think your protection mechanism is very good (for reasons
mentioned before) But you can try it out for yourself
Dirk-Willem van Gulik wrote:
On 1 mei 2013, at 13:31, Graham Leggett minf...@sharp.fm wrote:
The evidence was just explained - a bot that does not get an answer quick
enough gives up and looks elsewhere.
The key words are looks elsewhere.
For what it is worth - I've been experimenting with
Graham Leggett wrote:
On 01 May 2013, at 1:51 PM, André Warnier a...@ice-sa.com wrote:
But *based on the actual data and patterns which I can observe on my servers
(not guesses), I think it might have an effect*.
Of course it might have an effect - the real important question
Dear Apache developers,
This is a suggestion relative to the code of the Apache httpd webserver, and a
possible
default new default option in the standard distribution of Apache httpd.
It also touches on WWW security, which is why I felt that it belongs on this
list, rather
than on the general
Graham Leggett wrote:
On 30 Apr 2013, at 12:03 PM, André Warnier a...@ice-sa.com wrote:
The only cost would a relatively small change to the Apache webservers, which
is what my
suggestion consists of : adding a variable delay (say between 100 ms and 2000
ms) to any
404 response.
This would
Ben Reser wrote:
On Tue, Apr 30, 2013 at 3:03 AM, André Warnier a...@ice-sa.com wrote:
Let us imagine for a moment that this suggestion is implemented in the
Apache webservers,
and is enabled in the default configuration. And let's imagine that after a
while, 20% of
the Apache webservers
Ben Reser wrote:
On Tue, Apr 30, 2013 at 4:09 PM, André Warnier a...@ice-sa.com wrote:
But I have been trying to figure out a real use case, where expecting 404
responses in the course of legitimate applications or website access would
be a normal thing to do, and I admit that I haven't been
Ben Laurie wrote:
On 30 April 2013 11:29, Graham Leggett minf...@sharp.fm wrote:
On 30 Apr 2013, at 12:03 PM, André Warnier a...@ice-sa.com wrote:
The only cost would a relatively small change to the Apache webservers, which
is what my
suggestion consists of : adding a variable delay (say
that they can
scan over any given time period with the same number of bots.
On Tue, Apr 30, 2013 at 12:03:28PM +0200, André Warnier wrote:
Dear Apache developers,
This is a suggestion relative to the code of the Apache httpd webserver, and a
possible
default new default option
15 matches
Mail list logo
