Bad Behavior has several options which apply to all ports.
For some ports, these options are set within the
settings.ini file. A sample file is included with Bad Behavior; to use it, copy
settings.ini and upload it to the same folder which contained
Other ports, such as WordPress, ignore
settings.ini and have a built-in administrative page where you can change these settings.
See the documentation for your platform for instructions on how to set Bad Behavior’s settings. Note that Bad Behavior’s default options are fine for most users. Also note that some ports provide additional options specific to that host platform; such options are also documented in the instructions for that platform.
Display Statistics (default off): On some platforms, enabling this option will add a blurb to your web site footer advertising Bad Behavior’s presence and the number of recently blocked requests. Sites receiving more than 1,000 visitors per day should leave this option disabled as it is database intensive. This option is not available or has no effect when logging is not in use.
Logging (default on): You can disable logging entirely, but this is not recommended since it may cause additional spam to get through. Logging is only available on platforms with a connected database.
Verbose Logging (default off): Turning on verbose mode causes all HTTP requests to be logged. When verbose mode is off, only blocked requests and a few suspicious (but permitted) requests are logged. Verbose mode is off by default. Using verbose mode is not recommended as it can significantly slow down your site; it exists to capture data from live spammers which are not being blocked.
Strict Mode (default off): Bad Behavior operates in two blocking modes: normal and strict. When strict mode is enabled, some additional checks for buggy software which have been spam sources are enabled, but occasional legitimate users using the same software (usually corporate or government users using very old software) may be blocked as well. It is up to you whether you want to have the government reading your blog, or keep away more spammers.
Allow Offsite Forms (default false): Bad Behavior normally prevents your site from receiving data posted from forms on other web sites. This prevents spammers from, e.g., using a Google cached version of your web site to send you spam. However, some web applications such as OpenID require that your site be able to receive form data in this way. If you are running OpenID, enable this option.
http:BL API Key (no default): Bad Behavior is capable of using data from the http:BL service provided by Project Honey Pot to screen requests. This is purely optional; however if you wish to use it, you must sign up for the service and obtain an API key. To disable http:BL use, remove the API key from your settings.
http:BL Threat Level (default 25): This number provides a measure of how suspicious an IP address is, based on activity observed at Project Honey Pot. Bad Behavior will block requests with a threat level equal or higher to this setting. Project Honey Pot has more information on this parameter.
http:BL Maximum Age (default 30): This is the number of days since suspicious activity was last observed from an IP address by Project Honey Pot. Bad Behavior will block requests with a maximum age equal to or less than this setting. Project Honey Pot has more information on this parameter.
Reverse Proxy (default off): If your web server is behind a reverse proxy, load balancer or content distribution network, you may need to enable this option in order for Bad Behavior to screen requests properly. This option does not apply to most users and should be left off unless you are absolutely certain that you need it.
If you use the CloudFlare service, you should enable this option.
Reverse Proxy Header (default “X-Forwarded-For”): When a reverse proxy is in use, Bad Behavior looks at this HTTP header to determine the actual source IP address for each web request. Your reverse proxy or load balancer must add an HTTP header containing the remote IP address where the connection originated. Most do this by default; check the configuration for your reverse proxy or load balancer to ensure that this header is sent.
If you use the CloudFlare service, you should change this option to “CF-Connecting-IP”.
Reverse Proxy Addresses (no default): In some server farm configurations, Bad Behavior may be unable to determine whether a remote request originated from your reverse proxy/load balancer or arrived directly. In this case, you should add all of the internal IP addresses for your reverse proxy/load balancer servers, as seen from the origin server. These can usually be omitted; however if you have a configuration where some requests can bypass the reverse proxy/load balancer and connect to the origin server directly, then you should use this option. You should also use this option when incoming requests pass through two or more reverse proxies before reaching the origin server.