Fossil

Check-in [aa4159f781]

Overview
Comment: A redirect to the honeypot due to robot complex-request detection also sets the "fossil-goto" cookie with the original URL. If a real user proceeds to log in, then a redirect to the complex-request occurs as soon as the login completes.
SHA3-256: aa4159f781b4366ff07228bb2c351745dc293eb802da58860cb09fab2fe45988
User & Date: drh 2024-07-27 10:20:17
Context
2024-07-27
10:31
In the default skin, disable the 'disc' view of UL/LI elements for the /dir page. Reported in [forum:915412fb92|forum post 915412fb92]. ... (check-in: 61e62c02a1 user: stephan tags: trunk)
10:20
A redirect to the honeypot due to robot complex-request detection also sets the "fossil-goto" cookie with the original URL. If a real user proceeds to log in, then a redirect to the complex-request occurs as soon as the login completes. ... (check-in: aa4159f781 user: drh tags: trunk)
2024-07-26
17:49
Add the complex-requests-from-robots limiter. ... (check-in: 1a0b304307 user: drh tags: trunk)
Changes

Changes to src/cgi.c.

1892
1893
1894
1895
1896
1897
1898
























1899
1900
1901
1902
1903
1904
1905
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







void cgi_query_parameters_to_url(HQuery *p){
  int i;
  for(i=0; i<nUsedQP; i++){
    if( aParamQP[i].isQP==0 || aParamQP[i].cTag ) continue;
    url_add_parameter(p, aParamQP[i].zName, aParamQP[i].zValue);
  }
}

/*
** Reconstruct the URL into memory obtained from fossil_malloc() and
** return a pointer to that URL.
*/
char *cgi_reconstruct_original_url(void){
  int i;
  char cSep = '?';
  Blob url;
  blob_init(&url, 0, 0);
  blob_appendf(&url, "%s/%s", g.zBaseURL, g.zPath);
  for(i=0; i<nUsedQP; i++){
    if( aParamQP[i].isQP ){
      struct QParam *p = &aParamQP[i];
      if( p->zValue && p->zValue[0] ){
        blob_appendf(&url, "%c%t=%t", cSep, p->zName, p->zValue);
      }else{
        blob_appendf(&url, "%c%t", cSep, p->zName);
      }
      cSep = '&';
    }
  }
  return blob_str(&url);  
}

/*
** Tag query parameter zName so that it is not exported by
** cgi_query_parameters_to_hidden().  Or if zName==0, then
** untag all query parameters.
*/
void cgi_tag_query_parameter(const char *zName){
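
Review bot: In cgi_reconstruct_original_url(), the path goes in through `blob_appendf(&url, "%s/%s", g.zBaseURL, g.zPath)` with plain %s while parameter names and values use %t, so g.zPath reaches the URL without the treatment the query string gets; please either format the path the same way or note in the header comment why that is not needed. The loop also copies every entry with isQP set, whereas cgi_query_parameters_to_url() just above skips entries with cTag set, so the comment should say whether tagged parameters are meant to be included. The header comment should state that the caller owns the returned memory and must free it, since the one caller in this check-in (src/login.c) does not. There is trailing whitespace after `return blob_str(&url);`.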

Changes to src/login.c.

119
120
121
122
123
124
125



126
127
128
129
130
131
132
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135







+
+
+







** Redirect to the page specified by the "g" query parameter.
** Or if there is no "g" query parameter, redirect to the homepage.
*/
static void redirect_to_g(void){
  const char *zGoto = P("g");
  if( zGoto ){
    cgi_redirectf("%R/%s",zGoto);
  }else if( (zGoto = P("fossil-goto"))!=0 && zGoto[0]!=0 ){
    cgi_set_cookie("fossil-goto","",0,1);
    cgi_redirect(zGoto);
  }else{
    fossil_redirect_home();
  }
}

/*
** Return an abbreviated project code.  The abbreviation is the first
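
Review bot: The new `else if` branch in redirect_to_g() passes the "fossil-goto" value to `cgi_redirect(zGoto)` with no check on where it points, and that value comes from the client through P(), the same lookup used for the "g" query parameter one line above. The "g" branch is confined to this repository by the `"%R/%s"` prefix, but this branch will send a freshly logged-in user to whatever absolute URL the request carried in "fossil-goto". Suggest confirming that zGoto starts with g.zBaseURL before redirecting and falling back to fossil_redirect_home() otherwise, or storing only the path and query in the cookie and redirecting with `cgi_redirectf("%R/%s", ...)`. The cookie is also only cleared in this branch, so when "g" is present a leftover "fossil-goto" survives until it expires. The header comment above the function still describes only the "g" parameter and the homepage fallback.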
1333
1334
1335
1336
1337
1338
1339

1340
1341
1342
1343
1344
1345
1346
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350







+







    glob_free(pGlob);
    if( !go ) return;
  }

  /* If we reach this point, it means we have a situation where we
  ** want to restrict the activity of a robot.
  */
  cgi_set_cookie("fossil-goto", cgi_reconstruct_original_url(), 0, 600);
  cgi_redirectf("%R/honeypot");
}  

/*
** This routine examines the login cookie to see if it exists and
** is valid.  If the login cookie checks out, it then sets global
** variables appropriately.
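
Review bot: The `cgi_set_cookie("fossil-goto", cgi_reconstruct_original_url(), 0, 600)` call puts the entire original URL, query string included, into a cookie with no length bound, and the requests that reach this point are by definition the complex ones, so the value can be long enough that a browser drops the cookie and the post-login redirect silently does not happen. Suggest skipping the cookie (or storing only the path) when the URL exceeds a fixed limit. The pointer returned by cgi_reconstruct_original_url() is documented as coming from fossil_malloc() and is never freed here; hold it in a local and release it after the cookie is set. A short comment on the cookie's purpose and lifetime would help, since the block comment above only mentions restricting the robot. There is trailing whitespace after the closing `}` of the function.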