Tiny Tiny RSS: Community

Missing Accept in Request Header

Describe the problem you’re having:

I am a website owner, recently I have tested a new WAF Rule (OWASP Protocol Anomalies) that will marked traffic without Accept request header as BotNet traffic.
After I enabled this WAF Rule, I immediately find the User-Agent Tiny Tiny RSS/19.2 (4a2836e) (http://tt-rss.org/) showed up in WAF Log.

tt-rss version (including git commit id):

Tiny Tiny RSS/19.2 (4a2836e)

Platform (i.e. Linux distro, PHP, PostgreSQL, etc) versions:

I don’t know. I am just a website owner and some user of tt-rss has subscribed my RSS.

HTTP accept header is optional (see RFC 2616).

while nobody can stop you from forbidding traffic to your website based on whatever retarded criteria you set for yourself, it doesn’t mean the rest of us are going to adapt for your misguided paranoia.

i recommend filtering both ingress and egress access to TCP ports 80 and 443. this way you won’t get any botnet traffic - guaranteed - and the rest of us won’t need to suffer your posting. an ideal solution if there was any.