You are reading a single comment by @hippy and its replies.
  • Thanks, banned.

    Annoyingly it's a real person, on a VPN, which makes this stuff harder to automate against.

    What I don't want to be doing is blocking VPNs from accessing.

  • https://www.ipvanish.com/

    And I know the browser fingerprint, etc.

    But... the fingerprint is probably not unique, as I don't do anything intrusive to make it so. Which means if I block based on that I'm likely to have false positives.

    And in general, I'm pro-VPN, anti-surveillance... the obvious automated technical solution here kinda goes against both of those principles.

    That said... interesting conversation at work now about whether sites could log the request identifier (cf-ray header) and later report "That was a bad request" where bad means "spam" or "L7 attack" or "harassment", whatever. And then the system could look at those requests to determine the correlation at a more granular level, or across a huge number of sites, and if it is determined to actually be bad, could then mitigate on either a single website (LFGSS) or on the network (all CF sites).
