#1926: GET requests on target URLs of POST forms should be refused
------------------------+---------------------
Reporter: pitrou | Owner:
Type: enhancement | Status: closed
Priority: minor | Milestone: 0.9.0
Version: 0.8.3 | Resolution: fixed
Keywords: web |
------------------------+---------------------
Changes (by dustin):
* status: new => closed
* resolution: => fixed
Old description:
> At python.org we started having log entries like the following:
>
> {{{
> X.Y.Z.W - - [11/Apr/2011:11:44:10 +0200] "GET
> /dev/buildbot/all/builders/x86%20debian%20parallel%203.x/builds/1940/rebuild
> HTTP/1.1" 302 278 "http://www.python.org/dev/buildbot/all/builders/x86
> debian parallel 3.x/builds/1940" "WebReaper [[email protected]]"
> }}}
>
> This triggered lots of spurious rebuilds. Since the "rebuild" form
> normally uses the POST method, it means the above bot/crawler is
> ill-behaved. Refusing GET requests on the rebuild URL (and other ones) would
> easily defend against such crawlers, and prevent rebuilds from polluting
> the build history.
New description:
At python.org we started having log entries like the following:
{{{
X.Y.Z.W - - [11/Apr/2011:11:44:10 +0200] "GET
/dev/buildbot/all/builders/x86%20debian%20parallel%203.x/builds/1940/rebuild
HTTP/1.1" 302 278 "http://www.python.org/dev/buildbot/all/builders/x86
debian parallel 3.x/builds/1940" "WebReaper [[email protected]]"
}}}
This triggered lots of spurious rebuilds. Since the "rebuild" form
normally uses the POST method, it means the above bot/crawler is
ill-behaved. Refusing GET requests on the rebuild URL (and other ones) would
easily defend against such crawlers, and prevent rebuilds from polluting
the build history.
--
Comment:
This is the case in rest.py, now. POST is for JSONAPI, and GET only
reads.
--
Ticket URL: <http://trac.buildbot.net/ticket/1926#comment:4>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
_______________________________________________
Buildbot-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/buildbot-commits
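
The method check requested in the ticket, sketched as a WSGI middleware. This is an added example, not Buildbot's code and not the change made in rest.py; the names require_post, demo_app, call and triggered are hypothetical, and the request path is built from the log entry above.

```python
import re

# URL shape taken from the logged request; only "rebuild" is named in the
# ticket, so other state-changing actions would be added to this pattern.
ACTION_URL = re.compile(r"/builders/[^/]+/builds/\d+/rebuild/?$")

triggered = []  # records every request that reaches the demo application


def require_post(app):
    """WSGI middleware: refuse any non-POST request on an action URL."""
    def guarded(environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET").upper()
        path = environ.get("PATH_INFO", "")  # already URL-decoded by the server
        if ACTION_URL.search(path) and method != "POST":
            body = b"This action requires POST\n"
            start_response("405 Method Not Allowed", [
                ("Allow", "POST"),
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return guarded


def demo_app(environ, start_response):
    """Hypothetical stand-in for the web status app: redirects like the log shows."""
    triggered.append((environ["REQUEST_METHOD"], environ["PATH_INFO"]))
    start_response("302 Found", [("Location", "/")])
    return [b""]


def call(app, method, path):
    """Send one constructed request to a WSGI app; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    b"".join(app({"REQUEST_METHOD": method, "PATH_INFO": path}, start_response))
    return seen["status"], seen["headers"]


if __name__ == "__main__":
    guarded = require_post(demo_app)
    rebuild = "/dev/buildbot/all/builders/x86 debian parallel 3.x/builds/1940/rebuild"
    for method, path in [("GET", rebuild), ("HEAD", rebuild), ("POST", rebuild),
                         ("GET", rebuild.rsplit("/", 1)[0])]:
        print(method, path, "->", call(guarded, method, path)[0])
```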