aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Use more appropriate decoding/encoding when redirectingHEADmasterDan Fandrich2025-06-061-2/+2
|
* Properly escape the target in then anti-robot redirectDan Fandrich2025-06-064-3/+20
| | | | Any additional URL parameters after a & were previously dropped.
* Increase LLVM build timeoutJani Välimaa2025-06-031-3/+3
|
* Use an absolute URL when redirectingDan Fandrich2025-05-231-3/+4
| | | | | This reduces the possibility of a malicious URL redirecting to another domain.
* Use a fixed random number in the cookieDan Fandrich2025-05-231-1/+1
| | | | | The intent of this cookie isn't actually to track sessions, so eliminate any privacy impact by using a fixed number instead.
* Add another allowed character for cookie redirectsDan Fandrich2025-05-231-1/+1
|
* Block expensive svnweb operations without a cookieDan Fandrich2025-05-233-0/+45
| | | | | | | | | If an expensive request comes in from anyone without a cookie attached, redirect to a page where the cookie is set using JavaScript, then redirect back. This should block robots from these paths, most of which do not support JavaScript. The collateral damage is that a JavaScript browser is now required for users to access those paths. The contents of the cookie is not currently checked, merely that it is set.
* Reduce the number of SVN paths considered too expensiveDan Fandrich2025-05-231-4/+3
| | | | | | | These two don't seem to contribute much to the load seen when robots start hitting svnweb that hard. Also, remove a separate query block that seems to not help much (and which was hard to find in a different location in the file).
* Block expensive operations on another Google botDan Fandrich2025-05-191-2/+2
| | | | | | | The last range was actually another Google bot, which clearly doesn't support Crawl-Delay:. Rather than block one IP range, which isn't going to work long-term since they have so many ranges, block only expensive operations via its new User-Agent: string instead.
* Block another abusive IP address rangeDan Fandrich2025-05-191-1/+1
|
* Block more abusive IP address rangesDan Fandrich2025-05-171-1/+1
| | | | These comprise roughly 20% of current requests.
* Try to ensure sympa-outgoing.service being runningJani Välimaa2025-05-161-0/+5
|
* Limit PostgreSQL memory usage a bitJani Välimaa2025-05-111-4/+4
|
* Fix typo in effective_cache_size PostgreSQL memory parameterJani Välimaa2025-05-111-1/+1
|
* Tune more PostgreSQL memory parametersJani Välimaa2025-05-111-3/+3
|
* Increase PostgreSQL server shared_buffers to 4GBJani Välimaa2025-05-111-1/+1
| | | | According to upstream a reasonable starting value for shared_buffers is 25% of the memory which would be actually 8GB in sucuk.
* Rotate apache logs weekly on sucuk to keep them smallerJani Välimaa2025-05-101-0/+3
|
* Block PrestoJani Välimaa2025-05-041-1/+1
| | | | Most probably Presto is not used as user agent in browsers used by potential users of Mageia.
* Block TridentJani Välimaa2025-05-041-1/+1
|
* Add robots.txt for forumsJani Välimaa2025-05-043-0/+18
|
* Fix wiki robots.txt creationJani Välimaa2025-05-041-1/+3
|
* Add robots.txt to wikiJani Välimaa2025-05-043-0/+14
|
* Bump the timeouts in check_mirrorDan Fandrich2025-04-231-2/+2
| | | | | When servers are bogged down it can take longer than 9 seconds to connect.
* Block a few more thingsPascal Terjan2025-04-161-1/+4
|
* Disable rebuild actionPascal Terjan2025-03-241-1/+0
| | | | It has never worked
* Expand the IP ranges banned for hosting spidersDan Fandrich2025-03-071-1/+1
| | | | Widen the CIDR mask to catch many more addresses used by these bots.
* Revert "Freeze cauldron until python 3.13 pkgs are moved into core/release"Jani Välimaa2025-03-061-2/+2
| | | | This reverts commit c2b78571ec2996723aeb5a34b78544fd3dc76951.
* Freeze cauldron until python 3.13 pkgs are moved into core/releaseJani Välimaa2025-03-061-2/+2
|
* Fix path in spec-tree-reportsDan Fandrich2025-02-271-1/+1
| | | | A script that has moved its location in spec-tree-2025.1
* Allow Bugzilla messages to a number of mailing lists (mga#33748)Dan Fandrich2025-02-141-0/+8
| | | | | | Bugzilla mails stopped being delivered to these in February 2024 when the Bugzilla From: address changed. This list comes from Sympa logs over the past 2 weeks, so there may be others.
* Allow Bugzilla messages to the kernel list (mga#33748)Dan Fandrich2025-02-142-1/+4
| | | | | Extend the public mailing list template to allow hard-coding specific addresses, like the announce template allows.
* Revert "Allow Bugzilla messages to the kernel list (mga#33748)"Dan Fandrich2025-02-141-1/+0
| | | | | | This reverts commit 75e464cc44c516f0bb274ca683e10310595fba4a. The public mailing list type doesn't support sender_email.
* Allow Bugzilla messages to the kernel list (mga#33748)Dan Fandrich2025-02-141-0/+1
|
* Fix typos in mailing list namesDan Fandrich2025-02-141-12/+12
|
* Remove the DNS verification record (mga#34003)Dan Fandrich2025-02-101-3/+1
|
* Add DNS verification record for TLS certificate renewal (mga#34003)Dan Fandrich2025-02-101-1/+3
|
* youri-check: check gdk-pixbuf2.0 from GnomeJani Välimaa2025-01-141-0/+2
|
* youri-check: run cauldron check on rabbit before report is created on sucukJani Välimaa2025-01-061-2/+2
|
* youri-check: check networkmanager-applet also from FedoraJani Välimaa2025-01-061-0/+2
|
* youri-check: check networkmanager-applet from GnomeJani Välimaa2025-01-061-0/+2
|
* youri-check: fix tabs vs spacesJani Välimaa2025-01-061-2/+2
|
* youri-check: sort Fedora aliasesJani Välimaa2025-01-061-19/+18
|
* youri-check: add aliases for modemmanager and networkmanagerJani Välimaa2025-01-061-0/+36
|
* youri-check: don't check glibmm2.4 from GnomeJani Välimaa2025-01-051-4/+2
|
* youri-check: don't check acme from Gnome we have another pkg with same nameJani Välimaa2024-12-271-0/+2
|
* youri-check: check pango2.0 from GnomeJani Välimaa2024-12-271-1/+4
|
* youri-check: check notify-sharp3 from GnomeJani Välimaa2024-12-271-0/+5
|
* youri-check: stop checking dropped gtkhtml from GnomeJani Välimaa2024-12-261-4/+0
|
* youri-check: don't check gtksourceviewmm3.0 from GnomeJani Välimaa2024-12-261-0/+2
|
* youri-check: don't check gtkmm-documentation3.0 from GnomeJani Välimaa2024-12-261-0/+2
|