On Tue, May 12, 2020 at 11:37:23PM -0400, Ryan Sleevi wrote: > On Tue, May 12, 2020 at 10:30 PM Matt Palmer via dev-security-policy > <dev-security-policy@lists.mozilla.org> wrote: > > > > On Tue, May 12, 2020 at 07:35:50AM +0200, Hanno Böck via > > dev-security-policy wrote: > > > After communicating with Microsoft it turns out this is due to user > > > agent blocking, the URLs can be accessed, but not with a wget user > > > agent. > > > Microsoft informed me that "the wget agent is explicitly being blocked > > > as a bot defense measure." > > > > > > I leave it up to the community to discuss whether this is acceptable. > > > > I'm firmly on the "nope, unacceptable" side of the fence on this one. > > Could you share your reasoning?
Sure, plenty of reasons: 1. As Hanno said, it's a public resource, and as such it should, in general, be available to the public. 2. wget is a legitimate tool for downloading files, thus blocking the wget user agent is denying legitimate users access to the resource. 3. For a miscreant, blocking by user agent is barely a speed bump, as changing UA to something innocuous / harder to block is de rigeur. - Matt _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy