NYCPHP Meetup

[nycphp-talk] Looking for ideas on how to allow spiders to cra wl authenticated pages

DeWitt, Michael mjdewitt at alexcommgrp.com
Mon Feb 24 21:46:50 EST 2003


Chris,

This was along the lines of what I was thinking and possibly using the
remote_address in conjunction to further limit the access.  I don't know if
this is feasible since from what I have heard of Google, their bots can come
from anywhere.

Mike


> Sure, you can check the User-Agent header to see if it matches a known
> spider,
> but your authentication is effectively reduced to someone sending this
> header,
> and if you can find User-Agent strings for known spiders, so can an
> attacker.
> 
> Chris
> 
> 
> --- Unsubscribe at http://nyphp.org/list/ ---
> 



More information about the talk mailing list