[Buildbot-commits] [Buildbot] #1926: GET requests on target URLs of POST forms should be refused

Buildbot nobody at buildbot.net
Mon Apr 11 11:16:07 UTC 2011


#1926: GET requests on target URLs of POST forms should be refused
----------------------+-----------------------
Reporter:  pitrou     |      Owner:
    Type:  undecided  |     Status:  new
Priority:  minor      |  Milestone:  undecided
 Version:  0.8.3      |   Keywords:
----------------------+-----------------------
 At python.org we started having log entries like the following:

 {{{
 X.Y.Z.W - - [11/Apr/2011:11:44:10 +0200] "GET
 /dev/buildbot/all/builders/x86%20debian%20parallel%203.x/builds/1940/rebuild
 HTTP/1.1" 302 278 "http://www.python.org/dev/buildbot/all/builders/x86
 debian parallel 3.x/builds/1940" "WebReaper [support at webreaper.net]"
 }}}

 This triggered lots of spurious rebuilds. Since the "rebuild" form
 normally uses the POST method, it means the above bot/crawler is ill-
 behaved. Refusing GET requests on the rebuild URL (and other ones) would
 easily defend against such crawlers, and prevent rebuilds from polluting
 the build history.

-- 
Ticket URL: <http://trac.buildbot.net/ticket/1926>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation


More information about the Commits mailing list