New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Cheaper alternatives to Report-URI.io?
Services like Report-URI aggregate various monitoring tools for issues such as:
- Content Security Policy
- DMARC
- Expect-CT
They are pretty handy. They generate a URL for you, you put it in your web server headers (or DNS entries) and then you have nice reports on what is going on. Here is the thing: I exhausted their free monthly quota in one day. Their cheapest monthly is $10USD, which is as much as I am paying for my VPS. I am no commercial user.
Are there cheaper alternatives? I know of DMARCian for DMARC only. What about CSP and Expect-CT?
Comments
You exhausted 10,000 reports in one day? Are you doing it wrong?
Probably he make something commercial and now trying to cheapskate as all LET members do. It's normal and acceptable.
Now, on the matter - you must pay real money if you making money. Simple as that. If you want to go in a hard way, rent few low end servers and rotate IP's/accounts.
Nah man, you are giving me too much credit here. It is my personal blog. Very, very low traffic and absolutely no commercial.
What makes me exhaust the report limit is CSP, which caused 99.99% of the reports.
So I would lean to what @TimboJones wrote and I am likely doing it wrong if it is not normal to have these numbers.
All I did was to add:
add_header Content-Security-Policy-Report-Only "default-src https:; report-uri https://xyz123.report-uri.com/r/d/csp/reportOnly";to the nginx config of that website. Will look if there is something more to be done instead of just slapping the config item as is. Or perhaps there is so much bad in a page somewhere that every line of it generates a report.