Oh thanks ! I had not looked there. It's bingbot : it is authorized, but blocked by the access limits specified in the configuration.

Katryne wrote:

Olaf, there is a robot that the plugin stopped 109 times, but I cannot identify it because the line does not display enough characters...

Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compa     109
Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)     2

Edit : maybe it's not the same robot, but several which begin with the same characters ???

Hello Katryne,

Please add the following to your list and test it ->
Blocked User Agents:

AhrefsBot
compa
compa 109
Android 7.0

Last edited by Schneider-Fotografie (2025-06-08 20:02:37)

Katryne wrote:

You sure ?  compa is not a user agent, it's the beginning of compatible and the rest of the line cannot been displayed.

Sorry Katryne,
you're absolutely right. Please don't enter "compa"!
I have the following in my list, and it's enough for me. As a result, I have 7656 blocked requests, from today alone!

Blocked user agents:

SemrushBot
AhrefsBot
MJ12bot
DotBot
crawler
spider
python-requests
curl
wget
YandexBot
Baiduspider
masscan
PetalBot
AspiegelBot
SemrushBot

Last edited by Schneider-Fotografie (2025-06-08 20:35:07)

Katryne wrote:

I block these ones :

SemrushBot
AhrefsBot
MJ12bot
PetalBot
DotBot
Yandex
BaiDuSpider
Mail.ru
BLEXBot
SEOkicks-Robot
amazonaws.com

I am not sure how to enter amazonaws.com and Mail.ru.

Maybe I'll add the generic crawler and spider

The typical Mail.ru user agent is:
Mail.RU_Bot

However, there are variants and obfuscated versions.
Recommendation: Simply enter both variants:
Mail.RU_Bot
Mail.ru

Please let me know if it works!

OHappyDay wrote:

I have to report a problem with bot protection:

When I try to connect/login to my website through the piwigo app on my Android mobile device I get blocked.
I have no idea how to resolve this. Deactivating the plugin is not an option now that it works so good.

Ideas?

Klaus

Enter your IP address in the Allowed IP Addresses section, and it should work:
Enter one IP address per line. These will be excluded from bot restrictions.

I found a solution: I added the identification for the app ("Dart") to the file whitelisted_bots.txt. Now the app can connect to the website.

Schneider-Fotografie wrote:

Blocked user agents:

...
curl
wget
...

Fwiw, curl and wget are not bots, they are command line tools that may be used in several contexts.

chillygator wrote:

Schneider-Fotografie wrote:

OHappyDay wrote:

I found a solution: I added the identification for the app ("Dart") to the file whitelisted_bots.txt. Now the app can connect to the website.

Exactly, you can then add Dart and Piwigo to the whitelist later!

Olaf

How do I add Dart and Piwigo to the whitelist exactly?

Here is what I did so far:

I found the empty whitelisted_bots.txt file in /_data/bot_protection/ folder.  I added the words Dart on the first line and Piwigo on the second line as follows, and saved the file:

Dart
Piwigo

The Piwigo mobile app still blocks me from logging in.  If I deactivate the Bot Protection plugin, then it works.

Thanks in advance,
Nathan

Hi Nathan,

you almost did it right, but the whitelisted_bots.txt file only works if your app’s User-Agent exactly contains “Dart” or “Piwigo”. Many apps use different User-Agent strings.

What you can do:
1) Add your IP address to the whitelist:
Go to the Bot Protection admin area → Whitelist → Allowed IP Addresses and add your current IP address used for login.

2) Add the exact User-Agent:
If you can find your Piwigo app’s User-Agent string (for example in the log_all_requests.txt file), add this exact string to your whitelisted_bots.txt.

Example:
If your User-Agent is:
Piwigo/13.7.0 (iOS 17.5; Dart/3.3)

you can add:
Piwigo/
Dart/

to ensure the app is allowed.
Best regards,
Olaf