Closed
Description
Motivation
As we all know, many bots are fakeing User-Agent header to look like a, i.e., Googlebot. In lots of cases, users are trusting this header and, for example, are not applying so high restrictions for such requests. Anyway, behavior where anyone is fakeing anything to get something more is considered bad (or should be). This plugin is able to detect and block such requests.
Proposed solution
This is an alternative and more general version of Fake Googlebot plugin.
As @theMiddleBlue suggested, this version of plugin is using DNS PTR records for checking if a bot is real or fake. Plugin consists of these parts:
- blocking rule
- Lua script
Currently, plugin is able to detect these fake bots:
- Googlebot
- Bingbot
- Facebookbot
Prototype of this plugin is ready.
Plugin registry PR: coreruleset/plugin-registry#4.