Katryne wrote:

Direct access via bookmark links was blocked by the checkbox on the plugin's 1st configuration tab: Block access without referer or cookies (or something like that, I can't get the configuration page back into English).
If I uncheck it, will the plugin continue to block robots?

Hello Katryne.

About the “Block access without Referer and cookies” option
This setting blocks a very specific type of automated traffic:
Bots that try to access your site directly without a referer and without any cookies.

Why block those?
Legitimate visitors usually:

- Arrive via links (search engines, forums, etc.) → this creates a referer
- Accept and send cookies during browsing

Suspicious bots often:

- Make direct requests with no referer
- Don’t handle cookies properly
- Try to scrape or scan your site in stealth mode
- So this setting can help filter out basic, unsophisticated bots.

Side effect: Bookmarks and direct access
If this option is enabled, it may also block:

- Visitors who open your site via bookmarks
- Visitors in private/incognito mode
- Users coming directly to the homepage
- That's why this feature is now set to false by default, so it won't affect regular users unless you choose to activate it manually.

Will the plugin still block bots?
Yes! Even if this setting is off, the plugin continues to block bots using:

- User-Agent detection (e.g. SemrushBot, AhrefsBot, MJ12bot, etc.)
- Custom bot name lists
- Blocked IP addresses

This checkbox is just an extra layer to catch very specific bot behavior. Use it if you want stricter blocking.

Olaf, Thank you for explaining, and at my level of understanding...  I will now instal your plugin on my "living" Piwigos.

Last edited by Katryne (2025-06-05 13:18:53)

Hello Klaus

Allowed IP addresses now supported (IPv4 & IPv6)

Good news! The latest version 1.0.1of the plugin now supports whitelisting specific IP addresses, including both IPv4 and IPv6.

This is useful if you're running automated scripts (e.g. via wget, curl or cronjobs) that were previously blocked due to missing cookies or referrer headers.

What’s new:

- A file called whitelisted_ips.txt stores your allowed IPs.
- IPv4 and IPv6 formats are supported (including partial IPs like 192.168.).
- A new config constant BOT_PROTECTION_ALLOWED_IPS ensures consistent handling.
- You can manage allowed IPs directly in the admin panel (Whitelist tab).
- With this, your server tools and trusted external services can safely bypass the protection layer. No more disabling the plugin for internal use!

Best wishes from Berlin and have a nice weekend,
Olaf

Last edited by Schneider-Fotografie (2025-06-06 19:27:32)

Klaus, look at the bottom of the white list tab : scroll down, down, down...

I did a complete reinstall of the plugin but still no options to white list IPs

Ok, thanks, looks better. Tested and works.

Last edited by OHappyDay (2025-06-07 00:01:52)

Thanks.

One note: today I noticed that a gptbot from openai.com was heavily crawling my website. I added "gptbot" to the list of blocked bots. It worked.

Look at the associated IP address. If it is 54.36.148.121 then it belongs to the ahrefs.com bot (it is a marketing company).

Last edited by OHappyDay (2025-06-08 12:06:05)