Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On Sat, 29 Apr 2017 19:17:04 -0400 Richard Hippwrote: > On 4/29/17, Matias Fonzo wrote: > > > > The reason for which Fossil is using Javascript is because the code > > is pretty effective to keep away the bots?. > > > > Yes. Rogue robots are getting more and more annoying. There is an > arms race between the robots and the anti-robot defenses in Fossil. > At this point in time, the defenses in place are adequate. But you > never know when a new robot will come out and I'll have to come up > with some new defense. Thanks. It's clear. > There are also other user-interface features that use javascript > because the overwhelming majority of web users have javascript > enabled, and the interface really is much nicer when you use > javascript. Really. > The problem is that Javascript is a requirement, and this acts as something "non-universal" to access the content. It could be a rejection in the first instance for a possible user/contributor. pgpf4t7N74pYB.pgp Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On Sat, 29 Apr 2017 19:14:49 -0400 Richard Hippwrote: > On 4/29/17, Matias Fonzo wrote: > > > > Some people who have tried to access the site, were redirected to > > the "honeypot" page, they could not see the content of the site. > > > > If you will ask the people who do not use javascript to log in as > "anonymous", they will no longer be directed to the honeypot. > > If you uncheck the "Enable hyperlinks for "nobody" based on User-Agent > and Javascript" on the Admin/Access page, then everybody will be > required to log in as "anonymous" (or some other user) in order to > enable the hyperlinks. Then there will never be any links to the > honeypot. But, that will make the interface more annoying to the vast > majority of people who do in fact use javascript. > Probably a redirection would be properly for the people who don't use javascript (or it is disabled) for the "anonymous" login. pgpYRGp_P4Xra.pgp Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On 4/29/17, Matias Fonzowrote: > > The reason for which Fossil is using Javascript is because the code > is pretty effective to keep away the bots?. > Yes. Rogue robots are getting more and more annoying. There is an arms race between the robots and the anti-robot defenses in Fossil. At this point in time, the defenses in place are adequate. But you never know when a new robot will come out and I'll have to come up with some new defense. There are also other user-interface features that use javascript because the overwhelming majority of web users have javascript enabled, and the interface really is much nicer when you use javascript. Really. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On 4/29/17, Matias Fonzowrote: > > Some people who have tried to access the site, were redirected to the > "honeypot" page, they could not see the content of the site. > If you will ask the people who do not use javascript to log in as "anonymous", they will no longer be directed to the honeypot. If you uncheck the "Enable hyperlinks for "nobody" based on User-Agent and Javascript" on the Admin/Access page, then everybody will be required to log in as "anonymous" (or some other user) in order to enable the hyperlinks. Then there will never be any links to the honeypot. But, that will make the interface more annoying to the vast majority of people who do in fact use javascript. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
Hi Richard, Thanks for answering. I am from the Dragora community, too. On Sat, 29 Apr 2017 16:23:50 -0400 Richard Hippwrote: > On 4/29/17, Zachary Storer wrote: > > Hello, > > > > I'm a community member of a tiny Gnu/Linux distro called Dragora. > > < http://dragora.org>. We want to use fossil for our distro, but > > we've noticed that some users are unable to access the wiki due to > > JavaScript being enabled (I guess due to this issue: < > > http://fossil-scm.org/index.html/doc/trunk/www/antibot.wiki>). > > > > You can disable the anti-robot defenses. Visit the Admin/Access page > to adjust the settings. Uncheck the "Enable hyperlinks for "nobody" > based on User-Agent and Javascript" button and then press "Apply" at > the bottom of the page. > > When you do that, though, hyperlinks will only be visible for people > who have logged in as "anonymous". The requirement to login as > "anonymous" is a kind of anti-robot defense that does not use > javascript. The reason for which Fossil is using Javascript is because the code is pretty effective to keep away the bots?. > You can further allow users to see hyperlinks without first logging in > as anonymous by going to Admin/Users and editing the "anonymous" user > to give that user "hyperlink" privilege. If you do that, though, your > site will become infected by robots who will download every historical > tarball, ZIP archive, "annotation", and diff, sucking up all your > bandwidth and CPU cycles. A robots.txt file will not help - the > offending bots all ignore robots.txt. Perhaps you can keep the bots > at bay by setting up a bandwidth-limiting proxy of some kind. Unchecking the "Download Zip" under Users -> Nobody could help to reduce the walk, true?. > Javascript is also used to draw the timeline graph. There is no way > around that. Either you enable Javascript, or you do without the > timeline graph. > > I wonder if you can be more specific about what your non-javascript > users are having problems with? Some people who have tried to access the site, were redirected to the "honeypot" page, they could not see the content of the site. pgpk2eZOZzj79.pgp Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On 4/29/17, Joerg Sonnenbergerwrote: > > Something like > > if ($http_user_agent ~* > (360Spider|80legs|App3leWebKit|Baiduspider|EasouSpider)) { > return 403; > } > from my nginx.conf is a great help :) It helps some. But there are spiders that use UserAgent strings that are copied from Firefox and Chrome. -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On Sat, Apr 29, 2017 at 04:23:50PM -0400, Richard Hipp wrote: > You can further allow users to see hyperlinks without first logging in > as anonymous by going to Admin/Users and editing the "anonymous" user > to give that user "hyperlink" privilege. If you do that, though, your > site will become infected by robots who will download every historical > tarball, ZIP archive, "annotation", and diff, sucking up all your > bandwidth and CPU cycles. A robots.txt file will not help - the > offending bots all ignore robots.txt. Perhaps you can keep the bots > at bay by setting up a bandwidth-limiting proxy of some kind. Something like if ($http_user_agent ~* (360Spider|80legs|App3leWebKit|Baiduspider|EasouSpider)) { return 403; } from my nginx.conf is a great help :) Joerg ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] Is there a way to disable the JavaScript requirement for a hosted fossil repo wiki?
On 4/29/17, Zachary Storerwrote: > Hello, > > I'm a community member of a tiny Gnu/Linux distro called Dragora. < > http://dragora.org>. We want to use fossil for our distro, but we've > noticed that some users are unable to access the wiki due to JavaScript > being enabled (I guess due to this issue: < > http://fossil-scm.org/index.html/doc/trunk/www/antibot.wiki>). > You can disable the anti-robot defenses. Visit the Admin/Access page to adjust the settings. Uncheck the "Enable hyperlinks for "nobody" based on User-Agent and Javascript" button and then press "Apply" at the bottom of the page. When you do that, though, hyperlinks will only be visible for people who have logged in as "anonymous". The requirement to login as "anonymous" is a kind of anti-robot defense that does not use javascript. You can further allow users to see hyperlinks without first logging in as anonymous by going to Admin/Users and editing the "anonymous" user to give that user "hyperlink" privilege. If you do that, though, your site will become infected by robots who will download every historical tarball, ZIP archive, "annotation", and diff, sucking up all your bandwidth and CPU cycles. A robots.txt file will not help - the offending bots all ignore robots.txt. Perhaps you can keep the bots at bay by setting up a bandwidth-limiting proxy of some kind. Javascript is also used to draw the timeline graph. There is no way around that. Either you enable Javascript, or you do without the timeline graph. I wonder if you can be more specific about what your non-javascript users are having problems with? -- D. Richard Hipp d...@sqlite.org ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users