Bad Behavior 2.2.16 has been released. This is a maintenance release and is recommended for all users.
Changes
The following changes have been made since 2.2.15:
- The `via` HTTP header, when present in all lowercase letters, violates a convention that headers should be in mixed case, and the lowercase-only header is commonly seen from malicious proxy servers. However, the actual HTTP specifications do not disallow it, and a check for this lowercase header does block some legitimate traffic. Therefore this version of Bad Behavior has been changed to check for lowercase `via` only in strict mode. This resolves an issue where web users at certain large companies are blocked; sites expecting these visitors should not enable strict mode.
Download
Notes
Just as a reminder, if you use CloudFlare on your site, you must enable the Reverse Proxy option in Bad Behavior’s settings, or many of your visitors and search engines will be blocked.