On 12/22/2016 03:01 PM, Jim Popovitch wrote:
>
> I think i have a better solution, (but I'm not so sure how to do this
> in Apache). In Nginx you can use "limit_except PUT { deny all; }"
> to deny the spambot GET attempts.
in apache 2.4 you would do
<LimitExcept PUT>
Require all denied
</LimitExcept>
Require all granted
but how does this help? No one, including bots GETs the subscribe CGI,
and subscription is via POST, not PUT.
The scenario is the same for bots and humans. GET the listinfo CGI with
the hidden token and then POST the form to the subscribe CGI. I don't
see how you can block one without blocking the other.
--
Mark Sapiro <m...@msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe:
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
