Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] deny access based on user agent

On 8/14/2024 1:12 PM, Joakim Erdfelt wrote:
The built-in rules do not generally respond with an error.
Most of them just modify paths or headers.

Hmm; is there an indirect way to do it by modifying the path based on a header and then that static path when accessed would return the 403?

* `ResponsePatternRule` - if the target path is of the specified pattern, then a configurable status code is returned.

I saw that one, but unfortunately it only matches against the path, not an arbitrary header.

For a rule that acts on a request header, and then performs a response with configurable status, none exists in Jetty at this point in time.
Surprisingly you are the first one to ask for it.

It's probably not a common requirement; in this specific case I'm just trying to restrict a broken web crawler <sigh>.

At this point in time, if you need it, then it would be a custom rule and/or handler.

Thanks for the response and the suggestions. I'm using the jetty distribution, not jetty embedded, so custom code would need to be a module or something I suppose.

The crawler was running in AWS; I was actually impressed with Amazon, I submitted a complaint form and they got back to me within about eight hours saying that they had contacted their user who is going to fix the problem.

I'm still seeing some hits from it, but they have drastically decreased from when I complained, so hopefully the fix is just still propagating through their EC2 infrastructure.



Back to the top