httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: URL scanning by bots
Date Tue, 30 Apr 2013 18:49:05 GMT
On 30 Apr 2013, at 8:42 PM, Ben Laurie <ben@links.org> wrote:

>> This would have no real effect.
>> 
>> Bots are patient, slowing them down isn't going to inconvenience a bot in any way.
The simple workaround if the bot does take too long is to simply send the requests in parallel.
> 
> Disagree. Raising the bar reduces volume.
> 
> In general, I hate the argument that improvement X has obvious
> workaround A and therefore we should not bother with it. It's
> absolutely impossible to make forward progress in security with that
> attitude. Every defence is defeatable (says experience) yet some are
> still worth putting in place.

It's not worth breaking the web to do it.

If you wanted to do something constructive with these requests, come up with a way to signal
the owner of the originating IP address that something dodgy is running on their machine.

Regards,
Graham
--


Mime
View raw message