|
Home > Archive > Apache Server configuration support > January 2007 > lifetime of an environment variable
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
lifetime of an environment variable
|
|
| patpro ~ patrick proniewski 2007-01-06, 8:11 pm |
| Hi,
I would like to know if an environment variable set by Apache at some
point can be used later. I would like to be able to track users without
cookies in order to prevent spamming on blogs/forums/...
patpro
--
http://www.patpro.net/
| |
| Davide Bianchi 2007-01-06, 8:11 pm |
| On 2007-01-01, patpro ~ patrick proniewski <patpro@boleskine.patpro.net> wrote:
> I would like to know if an environment variable set by Apache at some
> point can be used later. I would like to be able to track users without
> cookies in order to prevent spamming on blogs/forums/...
I don't see how you want to do so. An environment variable can only
be set by apache on the server, and you certainly don't want that.
Besides, Apache doesn't have a way (a part from Cookies) to discern two
users if they are behind the same IP address (proxy).
D.
--
Turn your Pentium into an XT -- just add Windows!
| |
| patpro ~ patrick proniewski 2007-01-06, 8:11 pm |
| In article <slrnepid4o.37v.davideyeahsure@fogg.onlyforfun.net>,
Davide Bianchi <davideyeahsure@onlyforfun.net> wrote:
> On 2007-01-01, patpro ~ patrick proniewski <patpro@boleskine.patpro.net>
> wrote:
>
> I don't see how you want to do so.
my purpose is to set an environment variable when the client is first
spotted on the server, accordingly to the way it has established its
connection. Current blog/forum spammers try to mimic "real client"
behaviour, but fails miserably. I need to use this variable later, when
the same client tries to POST.
> An environment variable can only
> be set by apache on the server, and you certainly don't want that.
it's ok for me
> Besides, Apache doesn't have a way (a part from Cookies) to discern two
> users if they are behind the same IP address (proxy).
I don't care 
Currently, when I spot spammers, I use one of these method to block them
:
- I block the whole country, using mod_geoip
- I block the /24 netblock in apache conf (deny from xxx.yy.zz.)
- I block the /24 or /16 netblock in the firewall.
You must know that most of the automated blog/forum spam comes from
servers in hosting farms. These are not regular clients, and they should
not connect to a blog to post a comment.
The environment variable should be set only when the first connection is
made the "spammy way", so, no regular clients should be affected.
But well, I understand what I want to do is not possible using env.
variables. I'll have to find something else. May be I can fix something
fun with mod_usertrack, but it's almost rocket science...
patpro
--
http://www.patpro.net/
| |
| Davide Bianchi 2007-01-06, 8:11 pm |
| On 2007-01-01, patpro ~ patrick proniewski <patpro@boleskine.patpro.net> wrote:
> You must know that most of the automated blog/forum spam comes from
> servers in hosting farms. These are not regular clients, and they should
> not connect to a blog to post a comment.
In this case, you have some kind of 'application' running under Apache
(blog or similar that allows user's interaction), then I think you should
look at a way to do this 'spam-spotting' on the application side, not
on Apache side.
Davide
--
Q: What does the CE in Windows CE stand for?
A: Caveat Emptor.
| |
| patpro ~ patrick proniewski 2007-01-06, 8:11 pm |
| In article <slrnepiis3.381.davideyeahsure@fogg.onlyforfun.net>,
Davide Bianchi <davideyeahsure@onlyforfun.net> wrote:
> On 2007-01-01, patpro ~ patrick proniewski <patpro@boleskine.patpro.net>
> wrote:
>
> In this case, you have some kind of 'application' running under Apache
> (blog or similar that allows user's interaction), then I think you should
> look at a way to do this 'spam-spotting' on the application side, not
> on Apache side.
you are right, it's probably the most efficient way to deal with this
problem. But I want 2 things that are not easy to get with a filter on
the application side:
- I don't want to temper with application source code, so that any
upgrade or reinstall is straightforward.
- I would really like the spammer detection/blocking to be application
independent, so that any other application (other blog or forum systems)
can use it.
patpro
--
http://www.patpro.net/
|
|
|
|
|