Forum Moderators: DixonJones
i already have a small list of user agents strings that get banned from accessing this script but now im wondering if there is a better way to ban these kind of accesses, other than filtering on user agent string.
basically – how do i stop everything BUT normal users from accessing this script? ive found this link below but im not sure if this will achieve what i want?
or, should i just get a list of user agent strings of all common browsers and only let those access the script? or do rogue bots also pretend to be accessing with a normal firefox user agent string?
You posted the answer --or part of it-- right there. Set a (different if necessary) cookie on the click-path to the script-calling page itself, then have the script check the cookie. If it's not set, don't log the access in the script. The only complication is that this cookie must be set before requesting the page with the script call -- You may have to use an interstitial page, or --if no other method is workable-- a meta refresh.
You can also use a combination of IP address, request-header, and user-agent whitelisting and blacklisting, but it's an on-going chore. If the above cookie method reduces your junk-access logging sufficiently, you might be happier just to leave it at that.
The script should be "included" as a local file, and not directly-accessible via HTTP.
Jim
dont quite get the click-path thing but im pretty sure i can handle it this way.
thanks v much
Jim
The cookie tested by the script must be set before the HTTP request for the page that includes the script
could you explain that a little more? i thought of just setting a cookie called "botTest" at the top of the script. if user have it present then i run the rest of the script and if they dont that means they have cookies off or they are a bot and the hashes dont get assigned.
good enough right?
