#吐槽
Dear Nostr client developers, relay automation software developers, protocol extension software developers, please add proper User-Agent headers to your HTTP clients and WebSocket clients, and if necessary declare the client's characteristics and IP range in both directions.
Last night, I blocked some massive resource abusers for my community relay. They all had one thing in common: without a User-Agent, I had no way of knowing who was behind the IP. I recommend that all client developers include the full and correct User-Agent header for both HTTP clients and WebSocket clients, especially for unsolicited messages, and preferably with contact information. I realize that this header can be easily tampered with, but as long as the administrator of a particular dedicated facility declares the IP range and User-Agent characteristics of their client in both directions, this is still valid, as is the case with Googlebot crawlers.
Since I had no way of knowing who was who, I made the mistake of blocking the bot used by Mostr.pub to check the validity of NIP-05 identity in user profiles for a few days, which led to a few minor problems. It was only after a targeted check of the server logs that I realized it was hiding in a visitor with the User-Agent "Deno". cc: Alex Gleason (npub1q3s…d26p)
via Nostr@cxplay
Dear Nostr client developers, relay automation software developers, protocol extension software developers, please add proper User-Agent headers to your HTTP clients and WebSocket clients, and if necessary declare the client's characteristics and IP range in both directions.
Last night, I blocked some massive resource abusers for my community relay. They all had one thing in common: without a User-Agent, I had no way of knowing who was behind the IP. I recommend that all client developers include the full and correct User-Agent header for both HTTP clients and WebSocket clients, especially for unsolicited messages, and preferably with contact information. I realize that this header can be easily tampered with, but as long as the administrator of a particular dedicated facility declares the IP range and User-Agent characteristics of their client in both directions, this is still valid, as is the case with Googlebot crawlers.
Since I had no way of knowing who was who, I made the mistake of blocking the bot used by Mostr.pub to check the validity of NIP-05 identity in user profiles for a few days, which led to a few minor problems. It was only after a targeted check of the server logs that I realized it was hiding in a visitor with the User-Agent "Deno". cc: Alex Gleason (npub1q3s…d26p)
via Nostr@cxplay
