On 02/04/2014 Roberto Galoppini wrote:
softpedia.com ... passes traffic through our download redirector flow ... we can indeed redirect this traffic by referrer to a different landing page if one is provided.
Can't we just serve a 403? It's their problem, not ours. It's not rude at all, it's a way to protect our users: if we don't want that our unreleased versions are purported for real releases, we need that users only access them from a page on apache.org, on openoffice.org or e-mail until we release them.
So matching the HTTP referer and serving a 403 unless it comes from *.apache.org , *.openoffice.org or is empty seems the best solution to me. If we really want to be extra-polite, http://www.openoffice.org/download/devbuilds.html should be scary enough for casual users.
Of course, if this is a manual operation that must be done when we enter RC phase and undone after release, and only the SourceForge staff can do that, then this becomes a bit complex. Or can the project members who have access to the SourceForge area enable/disable the protection with no need for external help?
Regards, Andrea. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org