Ask HN: How to stop people using my RSS reader web app as a proxy for evil sites
I'm building an RSS reader web app. It takes a list of urls for feeds, and returns links to items in the feed.
Due to CORS, the requests have to go through a server. The server also parses the rss feed and just returns a few bits of relevant information. The url, title, and date of the entries.
If I allow anyone to use my server to fetch any RSS feed they want.
What can I do to stop someone nefarious using my server as a proxy to build a list of links to evil/illegal things?
Other than building a database of trustworthy sites, which i'm not willing to do, I can't think of a solution.
4 comments
[ 6.0 ms ] story [ 22.9 ms ] threadBtw is rss a thing now? I was having an idea of creating an rss reader, but gave up because rss is almost dead,
Shoot me an email love to hear from you, arkruka@gmail.com
I provide an RSS feed for my blog at https://susam.in/ . From my access.log, I see there is a decent number of subscribers to my feed. Here is the data I could pull from it:
I get about 4000-6000 hits to my website on a normal day. It increases by 5 to 10 times if a post hits the HN front page but I will talk about ordinary day traffic only here. From the HTTP referer (sic) information in the logs I can see that about 30-50 of those hits have a feed reader in the referer field, that is, at least 0.5%-0.75% of the total hits are coming from users who clicked on a blog post link in their feed reader and landed on the website. It is a very small percentage but 30-50 hits per day from users consuming the feed and 90 subscribers to the feed are reasons good enough to keep the feed alive.