Appoxo@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 2 months agoCloudflare plans marketplace to sell permission to scrape websitestechcrunch.comexternal-linkmessage-square14fedilinkarrow-up1159arrow-down14cross-posted to: technology@lemmy.ml
arrow-up1155arrow-down1external-linkCloudflare plans marketplace to sell permission to scrape websitestechcrunch.comAppoxo@lemmy.dbzer0.com to Technology@lemmy.worldEnglish · 2 months agomessage-square14fedilinkcross-posted to: technology@lemmy.ml
minus-squareumami_wasabi@lemmy.mllinkfedilinkEnglisharrow-up19·2 months agoHow can I do this without Cloudflare?
minus-squareRikudou_Sage@lemmings.worldlinkfedilinkEnglisharrow-up22·2 months agoPut a page on your website saying that scrapping your website costs [insert amount] and block the bots otherwise.
minus-squaregravitas_deficiency@sh.itjust.workslinkfedilinkEnglisharrow-up15·2 months agoThe hard part is reliably detecting the bots
minus-squaremelroy@kbin.melroy.orglinkfedilinkarrow-up5·2 months agoAlso you don’t want to block legit search engines that are not scraping your data for AI.
minus-squaregravitas_deficiency@sh.itjust.workslinkfedilinkEnglisharrow-up7·2 months agoAgain: hard to differentiate all those different bots, because you have to trust that they are what they say they are, and they often are not
minus-squaremelroy@kbin.melroy.orglinkfedilinkarrow-up5·2 months agoInstead of blocking bots on user agent… I’m blocking full IP ranges: https://gitlab.melroy.org/-/snippets/619
minus-squarevinnymac@lemmy.worldlinkfedilinkEnglisharrow-up4·edit-22 months agoIt certainly can be a cat and mouse game, but scraping at scale tends to be ahead of the curve of the security teams. Some examples: https://brightdata.com/ https://oxylabs.io/ Preventing access by requiring an account, with strict access rules can curb the vast majority of scraping, then your only bad actors are the rich venture capitalists.
How can I do this without Cloudflare?
Put a page on your website saying that scrapping your website costs [insert amount] and block the bots otherwise.
The hard part is reliably detecting the bots
Also you don’t want to block legit search engines that are not scraping your data for AI.
Again: hard to differentiate all those different bots, because you have to trust that they are what they say they are, and they often are not
Instead of blocking bots on user agent… I’m blocking full IP ranges: https://gitlab.melroy.org/-/snippets/619
It certainly can be a cat and mouse game, but scraping at scale tends to be ahead of the curve of the security teams. Some examples:
https://brightdata.com/
https://oxylabs.io/
Preventing access by requiring an account, with strict access rules can curb the vast majority of scraping, then your only bad actors are the rich venture capitalists.