I'm new at developing web pages and supporting web sites.
My problem is: Transactions are hitting the site using ASPtear at such a rate that the site is unstable.
How can I block ASPTear from accessing the site?
A referer is a string passed with the request for the webpage that states from where the user is visiting your website.
For example, if you were on www.google.com and they found a link to your website and clicked on it, your website would see the referer as www.google.com.
Something else you may want to look at is useragent blocking. Useragent is a string (also sent with request and headers) that states the type of browser. An example is something like "Microsoft Internet Explorer 6.0/.NET Framework 1.1".
Both of these things can be forged fairly easily but it requires a bit more effort.
Could you also say what you mean by asptear posting commands? I have never used asptear before so I dont know exactly how it works.
Do the asptear requests all come in from the same ip addres or location?
I thought I would add what I think is a general solution. Basically something along the lines of mod_rewrite in apache should work. An example is ISAPI_Rewrite (which costs money). Instead of this, you can manually add a little asp (or some other scripting) to each page you want to protect which will detect the useragent and block it. Of course, the rewrite engines allow for alot of flexibility and options.
I just looked at the isapi rewrite website. It seems that if you can stand a single configuration for the whole server (for example if you are hosting on dedicated) you can use the lite version which is free. Your host may even have isapi rewrite installed or you may request it. Documentation is available on the website.
I still am not sure what you mean. So you have an html form that does postback to a perl file in your cgi directory. Now, my question is, how do you know it is asptear that is doing the postbacks?
What I am driving at is whether you see the useragent as asptear in your log files. If this is the case, all you need to do is block that useragent.