EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #10136

RE: [EP-tech] DDoS of EPrints advanced search

To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
Subject: RE: [EP-tech] DDoS of EPrints advanced search
From: Matthew Kerwin <matthew.kerwin@qut.edu.au>
Date: Sun, 8 Jun 2025 02:36:11 +0000

CAUTION: This e-mail originated outside the University of Southampton.

Hi Florian,

> may I ask how you try that? I wonder if browsers can disregard zhis due to privacy extensions or settings when there is a e.g. <meta name="referer" content="always"> hint in the page, rendering them users unable to use your search altogether.

I've only ensured the server instructs browsers; they don't have to comply. I actually send a standard Referrer-Policy header value in the HTTP response: `origin-when-cross-origin` [1]. We use this a bit across the university; the majority of our users navigate between sites within the organisation so it's sometimes useful to see when someone has come to eprints from somewhere, or vice versa.

I would be surprised if any browser extension redacted Referer values even within a single origin/site, that's pretty paranoid.

In any case, when I have to choose between: a) some users can't search my site because they have personal reasons to not be able to comply with some technical requirements, but they can still browse; vs b) malicious – or at least pathological – robots have crashed my server making it entirely unusable for everyone; I'll opt for solution (a). I still know of users who entirely disable javascript, so a bunch of functionality is broken for them. That is their choice and their prerogative; they just can't expect everything to continue to work the same way.

Cheers

1: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FWeb%2FHTTP%2FReference%2FHeaders%2FReferrer-Policy&data=05%7C02%7Ceprints-tech%40ecs.soton.ac.uk%7Cf5396c1ba416482af92b08dda6354090%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638849469878148740%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=qzzMPa%2BsutfXWZ4cEsQhxD3rVDUY090QkMx8oNgnYL4%3D&reserved=0

--
Matty Kerwin (he/him)
Software Engineer
Education & Research
Digital Business Solutions

Queensland University of Technology
Email: matthew.kerwin@qut.edu.au
KG-X232, Kelvin Grove Campus

Follow-Ups:
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: Andrew M <eprints-tech@unitedgames.co.uk>

References:
- [EP-tech] DDoS of EPrints advanced search
  - From: David R Newman <drn@ecs.soton.ac.uk>
- AW: [EP-tech] DDoS of EPrints advanced search
  - From: Jens Witzel <jens.witzel@uzh.ch>
- RE: [EP-tech] DDoS of EPrints advanced search
  - From: John Salter <J.Salter@leeds.ac.uk>
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: Florian Heß <hess@ub.uni-heidelberg.de>
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: David R Newman <drn@ecs.soton.ac.uk>
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: Florian Heß <hess@ub.uni-heidelberg.de>
- RE: [EP-tech] DDoS of EPrints advanced search
  - From: Matthew Kerwin <matthew.kerwin@qut.edu.au>
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: Martin Brändle <martin.braendle@uzh.ch>
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
- RE: [EP-tech] DDoS of EPrints advanced search
  - From: Matthew Kerwin <matthew.kerwin@qut.edu.au>
- Re: [EP-tech] DDoS of EPrints advanced search
  - From: Florian Heß <hess@ub.uni-heidelberg.de>

Prev by Date: Re: [EP-tech] DDoS of EPrints advanced search
Next by Date: Re: [EP-tech] DDoS of EPrints advanced search
Previous by thread: Re: [EP-tech] DDoS of EPrints advanced search
Next by thread: Re: [EP-tech] DDoS of EPrints advanced search
Index(es):
- Date
- Thread