Dear DSpace Community, Right now, we have Turnstile successfully integrated into the DSpace frontend, including both the frontend widget and the backend verification. We are running the Turnstile backend verification service as a separate process from the DSpace backend, and it is used to validate users accessing the DSpace frontend.
However, the DSpace backend public APIs (e.g., /api/core/collections/, /api/core/items/, etc.) are still open and can be accessed directly, which allows bots to scrape the content. We would like to implement Turnstile verification for the DSpace backend APIs as well, in order to protect them from unauthorized external clients and bot traffic—without disrupting legitimate access from the DSpace frontend. How can we achieve this? Sincerely, Maryam Fayazi On Thursday, November 13, 2025 at 8:15:03 AM UTC-8 UALibraries WebServices wrote: > > Hello Mark, > > Thanks for your email. We are attempting to implement CloudFlare > Turnstile and have successfully implemented the front-end bot challenge > widget. However, we need to implement server-side verification, so if a bot > attempts to directly access the backend to download a PDF, it will check to > see if the client has a valid Cloudflare Turnstile token to access the > resource. > > Sincerely yours, > Maryam Fayazi > > On Wednesday, November 12, 2025 at 6:44:02 AM UTC-8 [email protected] wrote: > > On Tue, Nov 11, 2025 at 08:34:15PM +0000, UALibraries WebServices wrote: > > I am currently exploring ways to enhance security and performance for a > DSpace instance and am considering the use of Cloudflare in the backend. > Before proceeding, I wanted to check if anyone in the community has > experience implementing Cloudflare with DSpace. > > Cloudflare does a lot of different things. You might get more useful > answers if you explain in more detail what you are trying to do and > how you think Cloudflare can help with that. > > -- > Mark H. Wood > Lead Technology Analyst > > University Library > Indiana University Indianapolis > 755 W. Michigan Street > Indianapolis, IN 46202 > 317-274-0749 > library.indianapolis.iu.edu > > -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/dspace-tech/a331d52c-9ea3-4df8-9ee8-13e6285cddc3n%40googlegroups.com.
