Bug 507978

Summary: Phabricator is 403 when user agent contains name of blacklisted OS
Product: [Websites] www.kde.org Reporter: Roke Julian Lockhart Beedell <4wy78uwh>
Component: generalAssignee: kde-www mailing-list <kde-www>
Status: RESOLVED INTENTIONAL    
Severity: normal CC: 4wy78uwh
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Microsoft Windows   
OS: Microsoft Windows   
See Also: https://bugs.kde.org/show_bug.cgi?id=507977
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: A Duplicate Of The Page

Description Roke Julian Lockhart Beedell 2025-08-07 13:27:07 UTC 
Created attachment 183856 [details]
A Duplicate Of The Page

SUMMARY

Phabricator is 403, across multiple browsers.

STEPS TO REPRODUCE

Visit https://phabricator.kde.org/#:~:text=Forbidden,Server%20at%20phabricator.kde.org%20Port%20443.

OBSERVED RESULT

> ~~~
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access this resource.</p>
> <hr>
> <address>Apache/2.4.18 (Ubuntu) Server at phabricator.kde.org Port 443</address>
> </body></html>
> ~~~

EXPECTED RESULT

I should be able to visit it.

ADDITIONAL INFORMATION

Ascertained at https://bugs.kde.org/show_bug.cgi?id=507977#c1.
Comment 1 Tobias Fella 2025-08-07 14:07:48 UTC 
*** Bug 507977 has been marked as a duplicate of this bug. ***
Comment 2 Ben Cooksley 2025-08-07 18:47:49 UTC 
Phabricator is only accessible currently on FOSS devices due to abuse by AI crawlers sorry.
Comment 3 Roke Julian Lockhart Beedell 2025-08-07 20:32:43 UTC 
(In reply to Ben Cooksley from comment #2)

I can access it from my smartphone OEM's non-FOSS AOSP distribution, and AI scrapers are well-known to just spoof UAs. Have you considered something like Anubis, per https://discourse.gnome.org/t/anime-girl-on-gnome-gitlab/27689/2?u=rokejulianlockhart? I see it often, nowadays. Am I allowed to spoof my UA to access it?
Comment 4 Ben Cooksley 2025-08-08 09:12:09 UTC 
I'm well aware of UA spoofing, and yes of course AI scrapers do it. Most of them try to be desktop devices on Windows or macOS though thankfully.

Also well aware of Anubis and other alternatives. The way we have Phabricator deployed does not align well with deploying filters like Anubis unfortunately.