Hi, On Thu, Sep 25, 2025 at 01:12:36PM -0700, Collin Funk wrote: > Pádraig Brady <[email protected]> writes: > > > I also mentioned Anubis on IRC, but I understand > > there are issues with that because of javascript? > > CCing Mark Wielaard who does a lot of work on sourceware.org (not sure > of official title, sorry).
Grin, I am not sure there are "official titles" :) But I am part of the PLC and one of the "overseers": https://sourceware.org/mission.html#organization > But it seems using metarefresh challenges > with Anubis works well there [1]. Those do not require javascript. But > he can correct me if the situation is more complex than that. Yes, the metarefresh "challenge" checks that the You can try by accessing e.g. http://patchwork.sourceware.org > [1] > https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh/ The configuration can be found at: https://forge.sourceware.org/forge/forge/src/branch/main/config-files/srv/anubis/botPolicies.yaml (also behind anubis) Note that it can also use a javascript challenge (at different difficulties) if the request is really suspecious (but that is almost never the case). It is also fairly simple to get around by just "faking" your User-Agent (don't include the Mozilla or Opera strings). And for bugzilla we recently added a complete pass-through in case you use POST (instead of GET) or if you have a bugzilla (login) cookie: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121863#c6 (yes, also behind anubis :) Finally, Xe, the main Anubis author hangs out on irc and is very helpful. Cheers, Mark
