this post was submitted on 17 Oct 2023
1 points (100.0% liked)

Self-Hosted Main

515 readers
1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

founded 1 year ago
MODERATORS
 

I'm using a self-hosted installation of PHPList to manage a newsletter.

Subscribers can be added via a POST to this URL:

https://www.[WEBSITE]/lists/?p=subscribe

It's presently overrun by bots.

I added this to .htaccess to block this URL

RewriteEngine On

RewriteCond %{QUERY_STRING} ^p=subscribe$ [NC]

RewriteRule ^ - [F]

Now, if you visit the subscription page above it will give a 403 error.

But, you can still add subscribers by using a POST to this URL.

How can I actually block folks from using this URL to subscribe?

you are viewing a single comment's thread
view the rest of the comments
[–] zfa@alien.top 1 points 1 year ago

I know, I know 'BuT It's NOt seLFhOStEd!' but I just let the pros deal with bots and front that kind of stuff with Cloudflare.

If you've privacy concerns you can always have that one thing on a specific subdomain and only enable Cloudflare on that, whilst keeping the rest of your subdomains unproxied.

Alternatively can't you add a capture (again, giving up a bit of privacy).