[error10]

Quote:

Originally Posted by Alfa1

These are donation / subscription payments that are blocked.
The url for this one relates to my payment module and contains variables relating to payment information.

PayPal has a long history of sending their IPN notifications without a User-Agent. There's nothing I've been able to do to convince them to send a User-Agent except to advise affected people to complain to PayPal. In the meantime you can whitelist their IP addresses.

Quote:

Originally Posted by Lee G

A bit more playing around and it looks like google gets blocked when reverse proxy is enabled

If this happens, make sure that X-Forwarded-For is actually the header that your load balancer or accelerator is setting when it forwards HTTP requests to your server. If it uses a different header, be sure to change it. You may also need to list the IP address(es) for your load balancer.

If you aren't using a reverse proxy or load balancer, then you should not enable this option.

Quote:

Originally Posted by Eric

Regarding: POST more than two days after GET

Looks like this is happening if it's been 48hrs + between the screener cookie and a form submission:

Eric, the cookie needs to be refreshed on every page load, especially for logged-in users.

If caching is in use, then the cached pages need to be expired at least every 48 hours.

Quote:

Originally Posted by Eric

Alfa1, I do apologize, but I have no idea right now what the issue is with the Accept header. There are a few possibilities, however, such as if the user is using a proxy/VPN... or if they are running the browser in "private" mode - there is also some PC software that could cause the problem. I'm going to talk with Michael (error10) about this, and see if he has any ideas.

Most of the time, these are actual spambots.

The rest of the time, it's somebody who installed Norton or something and whatever they're using is stripping out random headers, and the user doesn't really know what's going on. Or someone who thinks they know what they're doing who is a bit extreme with their "privacy". Often these require somebody to actually talk with the user and figure out what's actually going on.

Like Eric, I'm glad my code has been helpful in reducing the spam and DoS problems for your forums. I'm nearing the 2.2 core release and as soon as I have that out, I can get back to work on some core stuff that's been waiting a long time. I'll be posting an updated roadmap for 3.0 soon.