On Thu, Feb 17, 2011 at 09:34:49AM -0500, Richard Hipp wrote: > On the http://www.fossil-scm.org/ website (which, as you know, is really > just an instance of Fossil running as CGI) I have added to the Fossil > header: > > <meta name="ROBOTS" content="NOFOLLOW">
I have an idea that might work. What you want is a way to make sure it's a browser vs. a bot, basically a "login" that happens automatically for people using a browser, but doesn't happen for bots. First thing is, you require cookies to browse the site. Next, you have the "login" page with a light option. What the Light Login Page does is use some javascript to do a minor calculation and then set a nonce as a cookie. It wouldn't have to be that complex, just something that is calculated in javascript that can be verified in fossil. Then, fossil is setup so that anyone without this nonce is sent to the LLP. If they have cookies turned on and can calculate the nonce then they're just redirected back to where they were trying to go. If not then they're shown a message that says they have to turn cookies on because they look like a bot. After that, anyone with the nonce is considered "logged in". In fact, you could probably do this right now with the current login scheme and the anonymous login button. Just change the javascript to do an automated form submit without requiring a button click. Anyway, if all you need to do is block bots then it's trivial to just make a simple javascript based automatic login system that only works in a browser. People could subvert it, but it'd be a special case that you could handle. -- Zed A. Shaw http://zedshaw.com/ _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
