Block slashdot.org better

RESOLVED FIXED

Status

mozilla.org Graveyard
Server Operations
15 years ago
3 years ago

People

(Reporter: Stephen Ostermiller, Assigned: justdave)

(Reporter)

Description

15 years ago
bugzilla.mozilla.org checks the referrer to see if the link was from slashdot.
If the link was from slashdot, it puts up the error:

Sorry, links to Bugzilla from Slashdot are disabled.

This is done because bugzilla cannot handle the volume of traffic that slashdot
can send, and it goes down.  The idea is that the site administrators at
slashdot will realize that they can't link to slashdot, and they won't do so.

Today bugzilla was slashdotted again.  It went down.

Editors at slashdot typically use https://slashdot.org/ instead of
http://slashdot.org/.  Timothy posted the article because the link worked for
him from the editor side.  Once the URL went public, slashdot users brought down
bugzilla by getting the error page.  Slashdotters also reported they could get
to bugzilla if the referrer was http://developers.slashdot.org/

The blocking currently in place is ineffective because slashdot editors will
never see it and they will link to bugzilla anyway.

Make the block more comprehensive.
Currently we have this:

        RewriteCond %{HTTP_REFERER} ^http://(www\.)?slashdot\.org
        # Don't redirect requests that have already been redirected
        # or we'll end up in an infinite redirect loop.
        RewriteCond %{REQUEST_URI} !=/slashdot/index.html
        RewriteRule ^.* /slashdot/index.html [R,L]

I recommend changing it to this:

        RewriteCond %{HTTP_REFERER} ^https?://(.+\.)?slashdot\.org
        # Don't redirect requests that have already been redirected
        # or we'll end up in an infinite redirect loop.
        RewriteCond %{REQUEST_URI} !=/slashdot/index.html
        RewriteRule ^.* /slashdot/index.html [R,L]

Any objections, Myk?
Assignee: endico → justdave
Myk okayed in IRC.  Done.  If anyone notices problems, please reopen.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
(Reporter)

Comment 3

15 years ago
The .+ in ^https?://(.+\.)?slashdot\.org could match far more than you intend.
I would recommend limiting it from any character to any character other than a
forward slash:
^https?://([^/]+\.)?slashdot\.org

Otherwise 
http://bugzilla.mozilla.org/doc=slashdot.org 
would match.
OK, good point. Done.
Product: mozilla.org → mozilla.org Graveyard
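
An added example, not part of the original bug or of the mozilla.org configuration: the three Referer patterns quoted above, run against constructed Referer values to show which requests each RewriteCond would catch. It assumes Python's re module treats this regex syntax the same way Apache's engine does; the function names and every sample URL except the one quoted in comment 3 are constructed for illustration.

```python
import re

# The three Referer patterns that appear in this bug, in order of appearance.
PATTERNS = {
    "original": r"^http://(www\.)?slashdot\.org",       # rule in place when the bug was filed
    "dot_plus": r"^https?://(.+\.)?slashdot\.org",      # first proposed replacement
    "no_slash": r"^https?://([^/]+\.)?slashdot\.org",   # tightened form from comment 3
}

# Constructed Referer values (not taken from any server log).
REFERERS = [
    "http://slashdot.org/",
    "http://www.slashdot.org/article.pl",
    "https://slashdot.org/",                          # editor-side scheme
    "http://developers.slashdot.org/",                # subdomain named in the report
    "http://bugzilla.mozilla.org/doc=slashdot.org",   # URL quoted in comment 3
    "http://example.com/?from=www.slashdot.org",      # '.slashdot.org' in the query
    "http://example.com/",                            # unrelated site
]


def blocked(pattern_name, referer):
    """Return True if the named RewriteCond pattern would fire for this Referer."""
    return re.search(PATTERNS[pattern_name], referer) is not None


def matrix():
    """Map each sample Referer to {pattern name: would it be redirected?}."""
    return {ref: {name: blocked(name, ref) for name in PATTERNS} for ref in REFERERS}


if __name__ == "__main__":
    for ref, row in matrix().items():
        flags = "  ".join(f"{name}={'Y' if hit else '-'}" for name, hit in row.items())
        print(f"{ref:48} {flags}")
```

Because `(.+\.)?` still requires a literal dot immediately before `slashdot.org`, the over-match appears on a referrer whose path or query contains `.slashdot.org`; the `[^/]+` form confines that optional prefix to the host part.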