Self-Hosted Main

502 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

[email protected]

Bots subscribing to site--even with subscription URL is blocked in htaccess (alien.top)

submitted 11 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

I'm using a self-hosted installation of PHPList to manage a newsletter.

Subscribers can be added via a POST to this URL:

https://www.[WEBSITE]/lists/?p=subscribe

It's presently overrun by bots.

I added this to .htaccess to block this URL

RewriteEngine On

RewriteCond %{QUERY_STRING} ^p=subscribe$ [NC]

RewriteRule ^ - [F]

Now, if you visit the subscription page above it will give a 403 error.

But, you can still add subscribers by using a POST to this URL.

How can I actually block folks from using this URL to subscribe?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 11 months ago

I know, I know 'BuT It's NOt seLFhOStEd!' but I just let the pros deal with bots and front that kind of stuff with Cloudflare.

If you've privacy concerns you can always have that one thing on a specific subdomain and only enable Cloudflare on that, whilst keeping the rest of your subdomains unproxied.

Alternatively can't you add a capture (again, giving up a bit of privacy).