From e7818b9d1f8957ed4ae02f22b1e11e681bf45549 Mon Sep 17 00:00:00 2001 From: Dan Fandrich Date: Fri, 23 May 2025 18:50:29 -0700 Subject: Block expensive svnweb operations without a cookie If an expensive request comes in from anyone without a cookie attached, redirect to a page where the cookie is set using JavaScript, then redirect back. This should block robots from these paths, most of which do not support JavaScript. The collateral damage is that a JavaScript browser is now required for users to access those paths. The contents of the cookie is not currently checked, merely that it is set. --- modules/viewvc/files/setcookieredirect.html | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 modules/viewvc/files/setcookieredirect.html (limited to 'modules/viewvc/files/setcookieredirect.html') diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html new file mode 100644 index 00000000..d1b7ada4 --- /dev/null +++ b/modules/viewvc/files/setcookieredirect.html @@ -0,0 +1,27 @@ + + + + User check + + + + Redirecting back... +
+

+ + -- cgit v1.2.1