Check-in [58a48e3abe]
Not logged in
Home Timeline Branches Tags Tickets Wiki Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Rearrange fields in the Robot Defense setup to make it easier to understand.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 58a48e3abe444fb675ece04d53d634ccbbfaf6551785e209083c889c0dbdb6ed
User & Date: drh 2025-08-21 10:51:54.059
Context
2025-08-21
12:02
Change [3710202914] to call the function to load the diff-related JS code even for blocked diffs. By default, the loader function is already a no-op if diffs are blocked, so the behavior intended by [3710202914] is retained. But other branches are patching the loader function because they rely on the JS code even if the diffs are hidden. check-in: 171127fd14 user: florian tags: trunk
10:51
Rearrange fields in the Robot Defense setup to make it easier to understand. check-in: 58a48e3abe user: drh tags: trunk
2025-08-20
15:02
When appending the ssh signature, use a more direct function with the same result. check-in: 5d040f1ff0 user: danield tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to src/setup.c. 
419
420
421
422
423
424
425






426
427
428


429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464

465
466
467
468
469
470
471
472
473
474
475
476
477
478

    "2", "UserAgent only",
    "1", "UserAgent and Javascript",
  };
  multiple_choice_attribute(
     "Enable hyperlinks base on User-Agent and/or Javascript",
     "auto-hyperlink", "autohyperlink", "1",
     count(azDefenseOpts)/2, azDefenseOpts);






  @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users,
  @ including user "nobody", as long as the User-Agent string in the
  @ HTTP header indicates that the request is coming from an actual human


  @ being.  If this setting is "UserAgent only" (2) then the
  @ UserAgent string is the only factor considered.  If the value of this
  @ setting is "UserAgent And Javascript" (1) then Javascript is added that
  @ runs after the page loads and fills in the href= values of &lt;a&gt;
  @ elements.  In either case, &lt;a&gt; tags are only generated if the
  @ UserAgent string indicates that the request is coming from a human and
  @ not a robot.
  @
  @ <p>This setting is designed to give easy access to humans while
  @ keeping out robots.
  @ You do not normally want a robot to walk your entire repository because
  @ if it does, your server will end up computing diffs and annotations for
  @ every historical version of every file and creating ZIPs and tarballs of
  @ every historical check-in, which can use a lot of CPU and bandwidth
  @ even for relatively small projects.</p>
  @
  @ <p>The "UserAgent and Javascript" value for this setting provides
  @ superior protection from robots.  However, that setting also prevents
  @ the visited/unvisited colors on hyperlinks from displaying correctly
  @ on Safari-derived browsers.  (Chrome and Firefox work fine.)  Since
  @ Safari is the underlying rendering engine on all iPhones and iPads,
  @ this means that hyperlink visited/unvisited colors will not operate
  @ on those platforms when "UserAgent and Javascript" is selected.</p>
  @
  @ <p>Additional parameters that control the behavior of Javascript:</p>
  @ <blockquote>
  entry_attribute("Delay in milliseconds before enabling hyperlinks", 5,
                  "auto-hyperlink-delay", "ah-delay", "50", 0);
  @ <br>
  onoff_attribute("Also require a mouse event before enabling hyperlinks",
                  "auto-hyperlink-mouseover", "ahmo", 0, 0);
  @ </blockquote>
  @ <p>For maximum robot defense, "Delay" should be at least 50 milliseconds
  @ and "require a mouse event" should be turned on.  These values only come
  @ into play when the main auto-hyperlink settings is 2 ("UserAgent and
  @ Javascript").</p>

  @
  @ <p>To see if Javascript-base hyperlink enabling mechanism is working,
  @ visit the <a href="%R/test-env">/test-env</a> page (from a separate
  @ web browser that is not logged in, even as "anonymous") and verify
  @ that the "g.jsHref" value is "1".</p>
  @ <p>(Properties: "auto-hyperlink", "auto-hyperlink-delay", and
  @ "auto-hyperlink-mouseover"")</p>
}

/*
** WEBPAGE: setup_robot
**
** Settings associated with defense against robots.  Requires setup privilege.
*/








>
>
>
>
>
>

|
<
>
>
|



|
|
<
<
<
<
<
<
<
<
<
<
<
<
|
<
<
<
<

<
<
<
<
<
<
<
<



|
>


|
|

<
<








419
420
421
422
423
424
425
426
427
428
429
430
431
432
433

434
435
436
437
438
439
440
441












442




443








444
445
446
447
448
449
450
451
452
453


454
455
456
457
458
459
460

    "2", "UserAgent only",
    "1", "UserAgent and Javascript",
  };
  multiple_choice_attribute(
     "Enable hyperlinks base on User-Agent and/or Javascript",
     "auto-hyperlink", "autohyperlink", "1",
     count(azDefenseOpts)/2, azDefenseOpts);
  @ <br>
  entry_attribute("Delay in milliseconds before enabling hyperlinks", 5,
                  "auto-hyperlink-delay", "ah-delay", "50", 0);
  @ <br>
  onoff_attribute("Also require a mouse event before enabling hyperlinks",
                  "auto-hyperlink-mouseover", "ahmo", 0, 0);
  @ <p>Enable hyperlinks (the equivalent of the "h" permission) for all users,
  @ including user "nobody" if the request appears to be from a human.

  @ Disabling hyperlinks helps prevent robots from walking your site and
  @ soaking up all your CPU and bandwidth.
  @ If this setting is "UserAgent only" (2) then the
  @ UserAgent string is the only factor considered.  If the value of this
  @ setting is "UserAgent And Javascript" (1) then Javascript is added that
  @ runs after the page loads and fills in the href= values of &lt;a&gt;
  @ elements.  In either case, &lt;a&gt; tags are not generated if the
  @ UserAgent string indicates that the client is a robot.












  @ (Property: "auto-hyperlink")</p>




  @








  @ <p>For maximum robot defense, "Delay" should be at least 50 milliseconds
  @ and "require a mouse event" should be turned on.  These values only come
  @ into play when the main auto-hyperlink settings is 2 ("UserAgent and
  @ Javascript").
  @ (Properties: "auto-hyperlink-delay" and "auto-hyperlink-mouseover")</p>
  @
  @ <p>To see if Javascript-base hyperlink enabling mechanism is working,
  @ visit the <a href="%R/test-env">/test-env</a> page from a separate
  @ web browser that is not logged in, even as "anonymous" and verify
  @ that the "g.jsHref" value is "1".</p>


}

/*
** WEBPAGE: setup_robot
**
** Settings associated with defense against robots.  Requires setup privilege.
*/
Fossil version [1205ec86cb] 2025-04-30 16:57:32