On Sun, Jan 25, 2026 at 09:24:00AM -0500, Nick Holland wrote: > I HAVE changed the redirection to localhost. I am looking at ideas for > a "better" solution, which I'm sure will be hated by many, because it > isn't as straight forward as it was. I don't even know what the better > solution is, I just know it won't be liked, and I won't like doing it.
In the specific case of cvsweb, couldn't it redirect to a page with an HTML form which asks you to enter the filename of the file you are trying to access. For example, you request a diff between v1.1 and v1.3 of sys/foo/bar.c, and cvsweb thinks that you are a bot. Redirect to a page which requires you to enter just the filename, in this case bar.c, (difficult for a bot to do unless specifically programmed to do so), then if the submitted name is correct set a cookie or whitelist the IP and user-agent header combination for 24 hours or something like that. Also, what exactly are people using cvsweb for? If it's convenient local browsing of the source tree, then let's make a port or FAQ to explain how to set up a local cvsweb together with reposync so that people can host their own cvsweb instance on their LAN. If it's sharing links on public forums to specific file revisions, then we can show people how to set up local dns to redirect the public URLS to their local cvsweb instance, and/or maintain a whitelist on the public cvsweb either for specific refferers, such as undeadly.org, or specific urls that are known to have been posted to at least one 'reputable' site/forum, so that those specific links don't trigger anti-bot actions.
