Web Development

3957 readers

10 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Follow the programming.dev site rules
Keep content related to web development
If what you're posting relates to one of the related communities, crosspost it into there to help them grow
If youre posting an article older than two years put the year it was made in brackets after the title

Related Communities

Wormhole

[email protected]

Some webdev blogs

Not sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

https://frontendfoc.us/ - [RSS]
https://wesbos.com/blog
https://davidwalsh.name/ - [RSS]
https://www.nngroup.com/articles/
https://sia.codes/posts/ - [RSS]
https://www.smashingmagazine.com/ - [RSS]
https://www.bennadel.com/ - [RSS]
https://web.dev/ - [RSS]

Credits

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

snowe

erlingur

Ategon

Forget IPs: using cryptography to verify bot and agent traffic (blog.cloudflare.com)

submitted 1 week ago by [email protected] to c/webdev

7 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Kissaki 1 points 1 week ago (1 children)

For those building bots, we propose signing the authority of the target URI, i.e. www.example.com, and a way to retrieve the bot public key in the form of signature-agent, if present, i.e. crawler.search.google.com for Google Search, operator.openai.com for OpenAI Operator, workers.dev for Cloudflare Workers.

They're proposing the request will include public key source information and request target. Through the public key source, you can verify the origin via source domain name.

[–] refalo 1 points 5 days ago* (last edited 5 days ago) (1 children)

So when that gets blocked, they can just generate a new key. I don't see how this really stops anyone that wants to keep going.

[–] Kissaki 1 points 5 days ago (1 children)

The point is it makes them identifiable. If you block anything not authenticatable, and everything that auths via *.google.com, you are effectively blocking everything from Google.

If you fear they will evade to other domains, you'll have to use an allow-list.

[–] refalo 1 points 4 days ago

Ok so effectively then this basically shifts the work from blocking IPs to blocking domains. It might slow down some smaller players, but I imagine anyone with a decent amount of money can afford an insane number of domains.